5high
Forum Replies Created
-
OK, and thanks for taking the time to explain it – I’ll review on my local server as you suggested.
OK – I understand the usage of your plugin much better now – thanks!
I’ll certainly use it for my next child theme, but I’m only developing this one for our own site.
I notice in other threads that you tell people to remove the .git folder before uploading a theme – so should it not be there at all once it’s finished and up on the server? So I could/should delete it??
Also that I’ve read that it’s the server that makes the error_log.php file on installation – so, likewise, should I delete it?? (the one in the main theme folder)? Or will that cause some problems?
Many thanks for your feedback and advice.
I have to admit it’s a bit of a relief to know that I’m not the only one having this issue – and I agree that it’s a serious problem as it completely breaks the site, with no warnings, other than having to test it everyday – not ideal.
I think the problem is that the BWPS plugin authors don’t review this forum, as hardly any posts are commented on or resolved. Should this be a bug report instead?
just to follow up, i’ve checked with all the other plugins I use, and none write to .htaccess apart from BWPS!
The abnormal changes to the .thaccess file (that breaks the site) happens intermittently – either 2 x month or sometimes not for another 4 months – so it seems unlikely to be a virus? And the changes are varied – once all the wp code was totally removed; another time extra wp code was added, but only part of it (IE: incomplete code); previously we’ve had about 100 lines of XXXXXXXX added in the block ISP’s section; and so on… so very varied!
Overall I’m tightening up on my wp security: I’ve gone through our whole site and cleaned it up hugely, and secured the wp-congig and htaccess files etc so this should all help. I’ve also run the Securi check on the site, and run the malware checker – and all good – plus we run good local pc protection and ensure all wp and wp plugins are updated – so unlikely to find the issue there I guess.
BUT my concern is that we’ve only had this issue since using the BWPS plugin.
Any comments about these abnormal edits?
Thanks.
Thanks lopo 🙂
Thanks for all the info and your help – i’ll let you know if there’s a problem with Ecwid when I increase the security settings.
Cheers.Forum: Plugins
In reply to: [Ultimate Maintenance Mode] rewrite to htaccess file shut down siteMany thanks for getting back to me – all sorted now (i hope!).
Forum: Plugins
In reply to: [MC4WP: Mailchimp for WordPress] rewrite to htaccess file shut down siteMany thanks for getting back to me – all sorted now (i hope!).
Hi makfruit,
Thanks for your very detailed and helpful reply. I’ve had a good read of all the links you suggested, and followed up on others, so feel much better informed now – excellent resources, thanks!
re. your suggested culprits:
From our experience, such issue might be caused by one of the following parties:
– Your WordPress configuration or your theme’s specific functions
– Some kind of SEO or redirects WP plugin on your site
– A virus/malware on your site or on your computerwe use WP SEO by Yoast (which is highly recommended by many, so should be OK): I’ve run the Securi check on our site and the Malware check – and all good, so that’s a relief: and all wp themes and plugins are up to date…. though as we have a child theme I will probably run the theme checker plugin too.
re:
Do you have any third-party plugin which is responsible for redirects or SEO-friendly URLS (Clean URLs)? Also, please let me know what settings do you have on the Settings->Permalinks page (what mode is selected there)?
the Yoast plugin probably does this to some extent, and our settings are fairly standard wp ones =
Post name http://trevorpenfold.com/sample-post/
so OK here??
The abnormal changes to the .thaccess file (that breaks the site) happens intermittently – either 2 x month or sometimes not for another 4 months – so it seems unlikely to be a virus? And the changes are varied – once all the wp code was totally removed; another time extra wp code was added, but only part of it (IE: incomplete code); previously we’ve had about 100 lines of XXXXXXXX added in the block ISP’s section; and so on… so very varied!
Overall, I’ve gone through our whole site and cleaned it up hugely, and secured the wp-congig and htaccess files etc so this should all help – agin many thanks for the links.
There are a few more security settings i’d like to add, so please can you let me know if any of the following security settings (these are setting options in Better WP Security) will effect how the Ecwid plugin works?…
Server Tweaks:
1. Protect Files
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
(Warning: This feature is known to cause conflicts with some plugins and themes.)2. Disable Directory Browsing
Prevents users from seeing a list of files in a directory when no index file is present.
(Warning: This feature is known to cause conflicts with some server configurations in which this feature has already been enabled in Apache.)3. Filter Request Methods
Filter out hits with the trace, delete, or track request methods.
(Warning: This feature is known to cause conflicts with some plugins and themes.)4. Filter Suspicious Query Strings
Filter out suspicious query strings in the URL. These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
(Warning: This feature is known to cause conflicts with some plugins and themes.)5. Filter Non-English Characters
Filter out non-english characters from the query string. This should not be used on non-english sites and only works when “Filter Suspicious Query String” has been selected.
(Warning: This feature is known to cause conflicts with some plugins and themes.)Header Tweaks:
6. Remove EditURI header
Removes the RSD (Really Simple Discovery) header. If you don’t integrate your blog with external XML-RPC services such as Flickr then the “RSD” function is pretty much useless to you.
(Warning: This feature is known to cause conflicts with some 3rd party application and services that may want to interact with WordPress.)I look forward to your comments – many thanks.
Forum: Plugins
In reply to: [MC4WP: Mailchimp for WordPress] rewrite to htaccess file shut down siteAlso please can you let me know if any of the following security settings (these are setting options in Better WP Security) will effect how this plugin works?…
Server Tweaks:
1. Protect Files
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
(Warning: This feature is known to cause conflicts with some plugins and themes.)2. Disable Directory Browsing
Prevents users from seeing a list of files in a directory when no index file is present.
(Warning: This feature is known to cause conflicts with some server configurations in which this feature has already been enabled in Apache.)3. Filter Request Methods
Filter out hits with the trace, delete, or track request methods.
(Warning: This feature is known to cause conflicts with some plugins and themes.)4. Filter Suspicious Query Strings
Filter out suspicious query strings in the URL. These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
(Warning: This feature is known to cause conflicts with some plugins and themes.)5. Filter Non-English Characters
Filter out non-english characters from the query string. This should not be used on non-english sites and only works when “Filter Suspicious Query String” has been selected.
(Warning: This feature is known to cause conflicts with some plugins and themes.)Header Tweaks:
6. Remove EditURI header
Removes the RSD (Really Simple Discovery) header. If you don’t integrate your blog with external XML-RPC services such as Flickr then the “RSD” function is pretty much useless to you.
(Warning: This feature is known to cause conflicts with some 3rd party application and services that may want to interact with WordPress.)I’m just trying to improve my wp security, having had these issues with the .htaccess file changes, and am trying to follow recommended ‘wp hardening’ strategies. Might also be useful for others to know this info too?
I look forward to your comments – many thanks.
Also please can you let me know if any of the following security settings (these are setting options in Better WP Security) will effect how this plugin works?…
Server Tweaks:
1. Protect Files
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
(Warning: This feature is known to cause conflicts with some plugins and themes.)2. Disable Directory Browsing
Prevents users from seeing a list of files in a directory when no index file is present.
(Warning: This feature is known to cause conflicts with some server configurations in which this feature has already been enabled in Apache.)3. Filter Request Methods
Filter out hits with the trace, delete, or track request methods.
(Warning: This feature is known to cause conflicts with some plugins and themes.)4. Filter Suspicious Query Strings
Filter out suspicious query strings in the URL. These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
(Warning: This feature is known to cause conflicts with some plugins and themes.)5. Filter Non-English Characters
Filter out non-english characters from the query string. This should not be used on non-english sites and only works when “Filter Suspicious Query String” has been selected.
(Warning: This feature is known to cause conflicts with some plugins and themes.)Header Tweaks:
6. Remove EditURI header
Removes the RSD (Really Simple Discovery) header. If you don’t integrate your blog with external XML-RPC services such as Flickr then the “RSD” function is pretty much useless to you.
(Warning: This feature is known to cause conflicts with some 3rd party application and services that may want to interact with WordPress.)I’m just trying to improve my wp security, having had these issues with the .htaccess file changes, and am trying to follow recommended ‘wp hardening’ strategies. Might also be useful for others to know this info too?
I look forward to your comments – many thanks.
Also please can you let me know if any of the following security settings (these are setting options in Better WP Security) will effect how this plugin works?…
Server Tweaks:
1. Protect Files
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
(Warning: This feature is known to cause conflicts with some plugins and themes.)2. Disable Directory Browsing
Prevents users from seeing a list of files in a directory when no index file is present.
(Warning: This feature is known to cause conflicts with some server configurations in which this feature has already been enabled in Apache.)3. Filter Request Methods
Filter out hits with the trace, delete, or track request methods.
(Warning: This feature is known to cause conflicts with some plugins and themes.)4. Filter Suspicious Query Strings
Filter out suspicious query strings in the URL. These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
(Warning: This feature is known to cause conflicts with some plugins and themes.)5. Filter Non-English Characters
Filter out non-english characters from the query string. This should not be used on non-english sites and only works when “Filter Suspicious Query String” has been selected.
(Warning: This feature is known to cause conflicts with some plugins and themes.)Header Tweaks:
6. Remove EditURI header
Removes the RSD (Really Simple Discovery) header. If you don’t integrate your blog with external XML-RPC services such as Flickr then the “RSD” function is pretty much useless to you.
(Warning: This feature is known to cause conflicts with some 3rd party application and services that may want to interact with WordPress.)I’m just trying to improve my wp security, having had these issues with the .htaccess file changes, and am trying to follow recommended ‘wp hardening’ strategies. Might also be useful for others to know this info too?
I look forward to your comments – many thanks.
Forum: Plugins
In reply to: [Ultimate Maintenance Mode] rewrite to htaccess file shut down siteAlso please can you let me know if any of the following security settings (these are setting options in Better WP Security) will effect how this plugin works?…
Server Tweaks:
1. Protect Files
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
(Warning: This feature is known to cause conflicts with some plugins and themes.)2. Disable Directory Browsing
Prevents users from seeing a list of files in a directory when no index file is present.
(Warning: This feature is known to cause conflicts with some server configurations in which this feature has already been enabled in Apache.)3. Filter Request Methods
Filter out hits with the trace, delete, or track request methods.
(Warning: This feature is known to cause conflicts with some plugins and themes.)4. Filter Suspicious Query Strings
Filter out suspicious query strings in the URL. These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
(Warning: This feature is known to cause conflicts with some plugins and themes.)5. Filter Non-English Characters
Filter out non-english characters from the query string. This should not be used on non-english sites and only works when “Filter Suspicious Query String” has been selected.
(Warning: This feature is known to cause conflicts with some plugins and themes.)Header Tweaks:
6. Remove EditURI header
Removes the RSD (Really Simple Discovery) header. If you don’t integrate your blog with external XML-RPC services such as Flickr then the “RSD” function is pretty much useless to you.
(Warning: This feature is known to cause conflicts with some 3rd party application and services that may want to interact with WordPress.)I’m just trying to improve my wp security, having had these issues with the .htaccess file changes, and am trying to follow recommended ‘wp hardening’ strategies. Might also be useful for others to know this info too?
I look forward to your comments – many thanks.
Forum: Plugins
In reply to: [Display Widgets] rewrite to htaccess file shut down siteAlso please can you let me know if any of the following security settings (these are setting options in Better WP Security) will effect how this plugin works?…
Server Tweaks:
1. Protect Files
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
(Warning: This feature is known to cause conflicts with some plugins and themes.)2. Disable Directory Browsing
Prevents users from seeing a list of files in a directory when no index file is present.
(Warning: This feature is known to cause conflicts with some server configurations in which this feature has already been enabled in Apache.)3. Filter Request Methods
Filter out hits with the trace, delete, or track request methods.
(Warning: This feature is known to cause conflicts with some plugins and themes.)4. Filter Suspicious Query Strings
Filter out suspicious query strings in the URL. These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
(Warning: This feature is known to cause conflicts with some plugins and themes.)5. Filter Non-English Characters
Filter out non-english characters from the query string. This should not be used on non-english sites and only works when “Filter Suspicious Query String” has been selected.
(Warning: This feature is known to cause conflicts with some plugins and themes.)Header Tweaks:
6. Remove EditURI header
Removes the RSD (Really Simple Discovery) header. If you don’t integrate your blog with external XML-RPC services such as Flickr then the “RSD” function is pretty much useless to you.
(Warning: This feature is known to cause conflicts with some 3rd party application and services that may want to interact with WordPress.)I’m just trying to improve my wp security, having had these issues with the .htaccess file changes, and am trying to follow recommended ‘wp hardening’ strategies. Might also be useful for others to know this info too?
I look forward to your comments – many thanks.
Forum: Plugins
In reply to: [WP-PageNavi] rewrite to htaccess file shut down siteAlso please can you let me know if any of the following security settings (these are setting options in Better WP Security) will effect how this plugin works?…
Server Tweaks:
1. Protect Files
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
(Warning: This feature is known to cause conflicts with some plugins and themes.)2. Disable Directory Browsing
Prevents users from seeing a list of files in a directory when no index file is present.
(Warning: This feature is known to cause conflicts with some server configurations in which this feature has already been enabled in Apache.)3. Filter Request Methods
Filter out hits with the trace, delete, or track request methods.
(Warning: This feature is known to cause conflicts with some plugins and themes.)4. Filter Suspicious Query Strings
Filter out suspicious query strings in the URL. These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
(Warning: This feature is known to cause conflicts with some plugins and themes.)5. Filter Non-English Characters
Filter out non-english characters from the query string. This should not be used on non-english sites and only works when “Filter Suspicious Query String” has been selected.
(Warning: This feature is known to cause conflicts with some plugins and themes.)Header Tweaks:
6. Remove EditURI header
Removes the RSD (Really Simple Discovery) header. If you don’t integrate your blog with external XML-RPC services such as Flickr then the “RSD” function is pretty much useless to you.
(Warning: This feature is known to cause conflicts with some 3rd party application and services that may want to interact with WordPress.)I’m just trying to improve my wp security, having had these issues with the .htaccess file changes, and am trying to follow recommended ‘wp hardening’ strategies. Might also be useful for others to know this info too?
I look forward to your comments – many thanks.