Site Completely Unaccessible After Changing Plugin Settings

Whenever I change any of the settings of the Better WP Security plugin or try to reactivate it after having it deactivated, my website and the WP frontend becomes completely unaccessible with the error message “Access forbidden”.

I need to SSH to my server and comment out the following lines in .htaccess which have been set by the plugin to get my site working again:

Order Allow,Deny
Deny from env=DenyAccess
Allow from all
SetEnvIF REMOTE_ADDR "^127\.0\.0\.1$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^127\.0\.0\.1$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^127\.0\.0\.1$" DenyAccess

Why do these settings of Better WP Security break my web site?

Could these be any indication that my web site had been hacked or a back door had been installed? My web site worked fine for months but stopped working suddenly with the error message described above. It took me hours to find the issue and remove the settings in .htaccess.

https://www.ads-software.com/plugins/better-wp-security/