BulletProof Security ~ htaccess Core

Ok in order to help you I need details about the exact problem is occurring.

In regards to cPanel and BPS:
The only thing that BPS does that can affect cPanel in any way is that you can lock your root .htaccess file with 404 permissions in BPS. So if you are trying to do something in cPanel that needs the root .htaccess file to be unlocked then you just need to unlock it either within BPS or using FTP or cPanel itself to change file permissions from 404 to 644. Also there is an ongoing issue with a broken tool in cPanel called the HotLink Protection Tool that breaks BPS and will also break your website. See this sticky post for specific details >>> https://www.ads-software.com/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=2

These are the details that i need to start troubleshooting the problem that is occurring on your specific website.

Have you clicked the AutoMagic buttons and activated all BulletProof Modes?

Have you tried to put BPS in Default Mode by using these steps below?
1. Make a backup of your .htaccess files using BulletProof Security built-in Backup.
2. Activate Default Mode on the Security Modes page.
3. Use the Delete wp-admin .htaccess feature on the Security Modes page.
4. Test your plugin or theme.
5. Restore your .htaccess files using BulletProof Security built-in Restore.

Hello lbs42807,

Please provide a status update.

Thank you.

Hello lbs42807,

Please provide a status update.

Thank you.

Resolving due to lack of response. If the problem is still occurring please post another comment. Thank you.

I have seen lots of threads related to this issue and am still confused so any help would be appreciated. I have the free bulletproof plugin and “better wp security” plugin. On most of my logins to wp I check Bulletproof security status and it shows: “The WP readme.html file is not .htaccess protected”. Instead of the 404 .htaccess it has changed to 644. I then do the “Activate Website Root Folder .htaccess Security Mode”. This corrects both problems but has to be repeated on most subsequent logins which means the site is vulnerable in between.
I would like to see if then can be resolved prior to upgrading.

Server Type: Apache
Operating System: Linux
Server API: cgi-fcgi – Your Host Server is using CGI.

If this should be posted in a different thread please advise.

Thanks very much
mlhwebsites

I am not exactly sure what Better WP Security is doing these days, but yes you are correct that that plugin somehow breaks the BPS check for the readme.html file. I believe the simplest solution would be to copy the Better WP Security .htaccess code to BPS Custom Code in the: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here text box, click the Save Root Custom Code button, go to the Security Modes page, click the Create secure.htaccess File button and activate Root folder BulletProof Mode again.

Thank you much for your unbelievably quick response!

Do you know where I can find the Better WP Security .htaccess code? Is the .htaccess in the root folder the one I should backup in case this breaks something? I can try this in one of my test sites.

Before trying this I am trying to determine when this is triggered by monitoring all sites to see when the 404 changes to 644. I know better wp security is not your problem but for info purposes while it’s 404: In their dashboard it shows “Better WP Security is allowed to write to wp-config.php and .htaccess.” but under System Info it says: “neither of these are writeable”. This seems like a conflict.

Thanks again – I appreciate your tim

BPS has a built-in .htaccess editor on the BPS Edit/Upload/Download page where you can edit your .htaccess files. To see a video tutorial on how to add custom code to BPS Custom Code click on the Custom Code Video Tutorial link on the BPS Custom Code page.

I don’t even like testing Better WP Security. It has wrecked a couple of my test sites so if i can avoid that plugin i do. ?? it does some things with the database that do not have simple “undo” capability so you end up wiping the entire site to get rid of that plugin.

The only reason I added it was it did some things Bulletproof didn’t such as logging 404 errors (detection), monitoring changed files etc. I’ve had one site hacked so I get nervous. Perhaps I should deactivate it for a while to see if that stops the 404 to 644.

Well in general 404 file permissions means Read-Only and 644 means allow writing so if a file has 404 permissions then it is locked and is not writable until it is unlocked to 644 file permissions. So the message you posted above from Better WP Security does not make sense. it should be 404 not writable. 644 is writable. ?? Probably just a coding mistake in Better WP Security where the check or the displayed message for the check is backwards. ??