Error 403 Forbidden when trying to create secure .htaccess file

Post the exact code you are using. Also are you blocking your own IP address in that code?

No, i’m not blocking my own ip address. I’m actually trying to stop spam referrals that have been hitting my website.

The code i’ve used is:

Order Allow,Deny
Deny from 69.195.140.123
Deny from 104.254.244.31
Deny from 141.8.224.221
Deny from 82.80.221.158
Deny from 78.110.60.230
Deny from 5.44.217.52
Allow from all

The code looks good/valid. Do these troubleshooting steps below to eliminate any other custom code that may be bad/invalid.

1. Cut (not Copy) all custom htaccess code that you have added to all/any BPS Custom Code text boxes and save that code to a text file on your computer.
2. Add ONLY the Order htaccess code you posted above.
3. Click the Save Root Custom Code button.
4. Go to the Security Modes page, click the Create secure.htaccess File AutoMagic button and activate root folder BulletProof Mode.

Let me know what happens.

Actually, this was already the only custom code added.

But I did everything again. Deleted the code, saved it with all the fields blank. Pasted it back, saved again, tried to create the secure file and received the following message:

augustolacerda.com.br 403 Forbidden Error Page

If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

Ok now let’s see if your server or something installed on your server is causing the 403 error by blocking BPS. Do these steps below.

1. Go to the Security Log page and turn off Security logging.
2. Try to create the secure.htaccess file.

Let me know if you now see a server error message instead of the standard BPS 403 template page message/error.

New error message: Forbidden

You don’t have permission to access /wp-admin/admin.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

This time is not BPS template, just a blank page with the text

how can i do to add the code manually?

just paste it at the end of the htaccess file?

Ok it is something on your server that is causing the issue. Now let’s see if the BPS Query String Exploits filters are what the server is blocking. Do these steps below.

1. Copy this code below to this BPS Custom Code text box: CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS
2. Click the Save Root Custom Code button.
3. Go to the Security Modes page, click the Create secure.htaccess File AutoMagic button and activate root folder BulletProof Mode.

RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE BPS QUERY STRING EXPLOITS

I tried two things:

with the security log turned on: 403 forbidden message from the bps template

with security log turned off: 404 not found message from blank page

Ok see if your server allows any BPS plugin functions to work at all or if the server is blocking the secure htaccess file only. Do these steps below.

1. Click the Create default.htaccess File AutoMagic button.
2. Activate Default Mode.

received the 403 forbidden message when trying to create the default .htaccess file

Ok that confirms that it is not any of the BPS security code that is being blocked by your server. It appears that your server is blocking BPS plugin forms/functionality. You can try manually creating htaccess files for now and contact your host and ask them to test the BPS plugin to see why they are blocking it.

ok, i’ll try to create the file myself. let’s see how it goes…
thank you very much for the support.
??

The secure.htaccess file is here: /bulletproof-security/admin/htaccess/secure.htaccess

The wp-admin htaccess file is here: /bulletproof-security/admin/htaccess/wpadmin-secure.htaccess

In the secure.htaccess file you will need to manually add your domain in this code below.

# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*augustolacerda.com.br.*
RewriteRule . - [S=1]

Assuming all questions have been answered – thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

Thread Start Date: 5-2-2015 to 5-3-2015
Thread Resolved/Current Date: 5-7-2015