cheaplt

Hi i am not sure but i think this code makes all urls https i could be wrong, i dont know how to route specific http to be https

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Okay thank you for clearing that up, i finished your instructions and then created the hta file and activated and now my website is protected =D i am very happy! Issue resolved ??

Hi i ran into a couple of blockades, can you help me diagnose how i should do this.
Do i include the last 4 lines of this QUERY STRING code in the custom code area?

RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ – [F,L]
# END BPSQSE BPS QUERY STRING EXPLOITS
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# WP REWRITE LOOP END

Also in the custom code area for DENY BROWSER Access:

do i include the last 2 lines of this code?

# DENY BROWSER ACCESS TO THESE FILES
# wp-config.php, bb-config.php, php.ini, php5.ini, readme.html
# Replace Allow from 88.77.66.55 with your current IP address and remove the
# pound sign # from in front of the Allow from line of code below to access these
# files directly from your browser.

<FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
Order allow,deny
Deny from all
#Allow from 88.77.66.55
</FilesMatch>

# IMPORTANT!!! DO NOT DELETE!!! the END WordPress text below
# END WordPress

Thanks for your help thus far very helpful!

Sorry mate, i just got back from work. Im about to start following your hta instructions i will update on this!

Okay thank you very much i have sent you the email. Im also uninstalling BetterWP Security. Again your plugin is amazing, i am very grateful for this wonderful plugin you’ve created.

I think BPS is the best plugin for WordPress! How would i include this code in my hta? i really want to use BPS for my website, do i just copy and paste that code above in the bottom of my root hta file? Your guidance is truly appreciated.

I did a search for it and i couldn’t seem to find the query code you mentioned, what should i do?

Okay it is now at the very top =D, does this mean my site is protected now regardless of the notice?

Oh, so currently even thought it says that notice, my site is being protected?

also i may of confused you, this code is above the BPS code you mentioned, should i remove it for the BPS to work properly

# BULLETPROOF .49 >>>>>>> SECURE .HTACCESS

# If you edit the BULLETPROOF .49 >>>>>>> SECURE .HTACCESS text above
# you will see error messages on the BPS Security Status page
# BPS is reading the version number in the htaccess file to validate checks
# If you would like to change what is displayed above you
# will need to edit the BPS /includes/functions.php file to match your changes
# If you update your WordPress Permalinks the code between BEGIN WordPress and
# END WordPress is replaced by WP htaccess code.
# BEGIN WordPress

Sorry mate forgot to mention this was right below the better WP code

# BULLETPROOF .49 >>>>>>> SECURE .HTACCESS

# If you edit the BULLETPROOF .49 >>>>>>> SECURE .HTACCESS text above
# you will see error messages on the BPS Security Status page
# BPS is reading the version number in the htaccess file to validate checks
# If you would like to change what is displayed above you
# will need to edit the BPS /includes/functions.php file to match your changes
# If you update your WordPress Permalinks the code between BEGIN WordPress and
# END WordPress is replaced by WP htaccess code.
# BEGIN WordPress

isn’t this the same thing? im a bit confused sorry.

on my Current Root htaccess file this is above the BULLET PROOF .49.2 code

# BEGIN Better WP Security
Order Allow,Deny
Deny from env=DenyAccess
Allow from all
SetEnvIF REMOTE_ADDR “^69\.170\.53\.187$” DenyAccess
SetEnvIF X-FORWARDED-FOR “^69\.170\.53\.187$” DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP “^69\.170\.53\.187$” DenyAccess
SetEnvIF REMOTE_ADDR “^76\.254\.45\.70$” DenyAccess
SetEnvIF X-FORWARDED-FOR “^76\.254\.45\.70$” DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP “^76\.254\.45\.70$” DenyAccess
<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} ^69\\\\\\\\\\\\\\\\\\\\\.170\\\\\\\\\\\\\\\\\\\\\.53\\\\\\\\\\\\\\\\\\\\\.187 [NC]
RewriteRule ^(.*)$ – [F,L]

</IfModule>
# END Better WP Security

Im not sure what my hosting server added so i wont beable to put any custom codes anywhere =(.

Yeah they added alot, and im not sure what they added and what they didn’t. can i send this hta code through personal message, i am unsure if it leaks sensitive data or not.

Here is the information you requested

Website Root Folder: https://www.proxy.com
Document Root Path: /home/cheaplt/public_html
WP ABSPATH: /home/cheaplt/public_html/
Parent Directory: /home/cheaplt
Server / Website IP Address: xxx.xxx.xxx.xxx
Host by Address: xxx.xxx.xxx.xxx
DNS Name Server: ns1.proxy.com
Public IP / Your Computer IP Address: xxx.xxx.xxx.xxx
Server Type: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_bwlimited/1.4
Operating System: Linux
Server API: cgi-fcgi – Your Host Server is using CGI.
cURL: cURL Extension is Loaded
Zend Engine Version: 2.3.0
Zend Guard/Optimizer: A Zend Extension is Not Loaded
ionCube Loader: ionCube Loader Extension is Loaded Version: 40401
Suhosin: Suhosin is Not Installed/Loaded
APC: APC Extension is Not Loaded
eAccelerator: eAccelerator Extension is Not Loaded
XCache: XCache Extension is Loaded but Not Enabled
Varnish: Varnish Extension is Not Loaded
Memcache: Memcache Extension is Not Loaded
Memcached: Memcached Extension is Not Loaded

I took out my IP and domain from the copy and paste.

heres a better example i want to change ‘/wp-content/uploads/2013/07/bronze_3.png’ that to something like this ‘/CjlKsdF/uploads/2013/07/bronze_3.png’

Okay thank you.