Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter alfardo

    (@alfardo)

    after htaccess file restored to original and plugin removed via ftp I am back in to my site now…

    can a safe setting be explained to provide security with out locking my out please

    Thread Starter alfardo

    (@alfardo)

    OK i tried to delete all of the plugin data from the htaccess plugin and now I can get to the login screen but it is telling me that the password is incorrect when i know it is right… I have used up 3 attempts

    please help me

    Thread Starter alfardo

    (@alfardo)

    I do not have the brute force setting enabled as i was too worried about getting locked out.

    My .htaccess file is as follows if i remove all the plugin data to leave just the wordpress normal will it let me in?????

    # BEGIN All In One WP Security
    #AIOWPS_BLOCK_WP_FILE_ACCESS_START
    <files license.txt>
    order allow,deny
    deny from all
    </files>
    <files wp-config-sample.php>
    order allow,deny
    deny from all
    </files>
    <files readme.html>
    order allow,deny
    deny from all
    </files>
    #AIOWPS_BLOCK_WP_FILE_ACCESS_END
    #AIOWPS_BASIC_HTACCESS_RULES_START
    <files .htaccess>
    order allow,deny
    deny from all
    </files>
    ServerSignature Off
    LimitRequestBody 10240000
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>
    #AIOWPS_BASIC_HTACCESS_RULES_END
    #AIOWPS_PINGBACK_HTACCESS_RULES_START
    <IfModule mod_alias.c>
    RedirectMatch 403 /(.*)/xmlrpc\.php$
    </IfModule>
    #AIOWPS_PINGBACK_HTACCESS_RULES_END
    #AIOWPS_DISABLE_INDEX_VIEWS_START
    Options All -Indexes
    #AIOWPS_DISABLE_INDEX_VIEWS_END
    #AIOWPS_DISABLE_TRACE_TRACK_START
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* – [F]
    #AIOWPS_DISABLE_TRACE_TRACK_END
    #AIOWPS_FORBID_PROXY_COMMENTS_START
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$
    RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
    RewriteRule .* – [F,NS,L]
    #AIOWPS_FORBID_PROXY_COMMENTS_END
    #AIOWPS_DENY_BAD_QUERY_STRINGS_START
    RewriteCond %{QUERY_STRING} tag= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp: [NC,OR]
    RewriteCond %{QUERY_STRING} http: [NC,OR]
    RewriteCond %{QUERY_STRING} https: [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} (\;|’|\”|%22).*(request|insert|union|declare|drop) [NC]
    RewriteRule ^(.*)$ – [F,L]
    #AIOWPS_DENY_BAD_QUERY_STRINGS_END
    #AIOWPS_ADVANCED_CHAR_STRING_FILTER_START
    <IfModule mod_alias.c>
    RedirectMatch 403 \,
    RedirectMatch 403 \:
    RedirectMatch 403 \;
    RedirectMatch 403 \=
    RedirectMatch 403 \@
    RedirectMatch 403 \[
    RedirectMatch 403 \]
    RedirectMatch 403 \^
    RedirectMatch 403 \`
    RedirectMatch 403 \{
    RedirectMatch 403 \}
    RedirectMatch 403 \~
    RedirectMatch 403 \”
    RedirectMatch 403 \$
    RedirectMatch 403 \<
    RedirectMatch 403 \>
    RedirectMatch 403 \|
    RedirectMatch 403 \.\.
    RedirectMatch 403 \%0
    RedirectMatch 403 \%A
    RedirectMatch 403 \%B
    RedirectMatch 403 \%C
    RedirectMatch 403 \%D
    RedirectMatch 403 \%E
    RedirectMatch 403 \%F
    RedirectMatch 403 \%22
    RedirectMatch 403 \%27
    RedirectMatch 403 \%28
    RedirectMatch 403 \%29
    RedirectMatch 403 \%3C
    RedirectMatch 403 \%3E
    RedirectMatch 403 \%3F
    RedirectMatch 403 \%5B
    RedirectMatch 403 \%5C
    RedirectMatch 403 \%5D
    RedirectMatch 403 \%7B
    RedirectMatch 403 \%7C
    RedirectMatch 403 \%7D
    # COMMON PATTERNS
    Redirectmatch 403 \_vpi
    RedirectMatch 403 \.inc
    Redirectmatch 403 xAou6
    Redirectmatch 403 db\_name
    Redirectmatch 403 select\(
    Redirectmatch 403 convert\(
    Redirectmatch 403 \/query\/
    RedirectMatch 403 ImpEvData
    Redirectmatch 403 \.XMLHTTP
    Redirectmatch 403 proxydeny
    RedirectMatch 403 function\.
    Redirectmatch 403 remoteFile
    Redirectmatch 403 servername
    Redirectmatch 403 \&rptmode\=
    Redirectmatch 403 sys\_cpanel
    RedirectMatch 403 db\_connect
    RedirectMatch 403 doeditconfig
    RedirectMatch 403 check\_proxy
    Redirectmatch 403 system\_user
    Redirectmatch 403 \/\(null\)\/
    Redirectmatch 403 clientrequest
    Redirectmatch 403 option\_value
    RedirectMatch 403 ref\.outcontrol
    # SPECIFIC EXPLOITS
    RedirectMatch 403 errors\.
    RedirectMatch 403 config\.
    RedirectMatch 403 include\.
    RedirectMatch 403 display\.
    RedirectMatch 403 register\.
    Redirectmatch 403 password\.
    RedirectMatch 403 maincore\.
    RedirectMatch 403 authorize\.
    Redirectmatch 403 macromates\.
    RedirectMatch 403 head\_auth\.
    RedirectMatch 403 submit\_links\.
    RedirectMatch 403 change\_action\.
    Redirectmatch 403 com\_facileforms\/
    RedirectMatch 403 admin\_db\_utilities\.
    RedirectMatch 403 admin\.webring\.docs\.
    Redirectmatch 403 Table\/Latest\/index\.
    </IfModule>
    #AIOWPS_ADVANCED_CHAR_STRING_FILTER_END
    #AIOWPS_FIVE_G_BLACKLIST_START
    # 5G BLACKLIST/FIREWALL (2013)
    # @ https://perishablepress.com/5g-blacklist-2013/

    # 5G:[QUERY STRINGS]
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{QUERY_STRING} (\”|%22).*(<|>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (\\|\.\./|`|=’$|=%27$) [NC,OR]
    RewriteCond %{QUERY_STRING} (\;|’|\”|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
    RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
    RewriteRule .* – [F]
    </IfModule>

    # 5G:[USER AGENTS]
    <IfModule mod_setenvif.c>
    # SetEnvIfNoCase User-Agent ^$ keep_out
    SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
    <limit GET POST PUT>
    Order Allow,Deny
    Allow from all
    Deny from env=keep_out
    </limit>
    </IfModule>

    # 5G:[REQUEST STRINGS]
    <IfModule mod_alias.c>
    RedirectMatch 403 (https?|ftp|php)\://
    RedirectMatch 403 /(https?|ima|ucp)/
    RedirectMatch 403 /(Permanent|Better)$
    RedirectMatch 403 (\=\\\’|\=\\%27|/\\\’/?|\)\.css\()$
    RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\”\\\”)
    RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
    RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
    RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
    RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
    RedirectMatch 403 \.well\-known/host\-meta
    RedirectMatch 403 /function\.array\-rand
    RedirectMatch 403 \)\;\$\(this\)\.html\(
    RedirectMatch 403 proc/self/environ
    RedirectMatch 403 msnbot\.htm\)\.\_
    RedirectMatch 403 /ref\.outcontrol
    RedirectMatch 403 com\_cropimage
    RedirectMatch 403 indonesia\.htm
    RedirectMatch 403 \{\$itemURL\}
    RedirectMatch 403 function\(\)
    RedirectMatch 403 labels\.rdf
    RedirectMatch 403 /playing.php
    RedirectMatch 403 muieblackcat
    </IfModule>

    # 5G:[REQUEST METHOD]
    <ifModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* – [F]
    </IfModule>

    # 5G:[BAD IPS]
    <limit GET POST PUT>
    Order Allow,Deny
    Allow from all
    # uncomment/edit/repeat next line to block IPs
    # Deny from 123.456.789
    </limit>
    #AIOWPS_FIVE_G_BLACKLIST_END
    #AIOWPS_BLOCK_SPAMBOTS_START
    <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
    RewriteCond %{HTTP_REFERER} !^https://(.*)?\.lolaromy\.com [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule .* https://127.0.0.1 [L]
    </IfModule>
    #AIOWPS_BLOCK_SPAMBOTS_END
    #AIOWPS_LOGIN_WHITELIST_START
    <FilesMatch “^(wp-login\.php)”>
    Order Allow,Deny

    </FilesMatch>
    #AIOWPS_LOGIN_WHITELIST_END
    # END All In One WP Security

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

Viewing 3 replies - 1 through 3 (of 3 total)