wrong code

i have code `# BRUTE FORCE LOGIN PAGE PROTECTION
# Protects the Login page from SpamBots, HackerBots & Proxies
# that use Server Protocol HTTP/1.0 or a blank User Agent
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ – [F,L]`

in
CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE:
i want to clear it as it is in by mistake but i just get 403 when removing and saving.
How can i remove this so that i prevent the 403, at the moment i can’t see how to remove

log says
HTTP_REFERER: http://www.xxxxxxx.co.uk/wp-admin/admin.php?page=bulletproof-security/admin/core/options.php
REQUEST_URI: /wp-admin/options.php

So do i need a bypass rule? i know its the code causing it but can’t clear it (save after removal)

https://wordpress.org/plugins/bulletproof-security/