htaccess madness – After Bulletproff Security

  • Hi,
    Let’s be frank : i am not an htaccess expert.

    I had installed BulletProof Security on a site with another plugin, “Hide My WordPress”. Both modify the htaccess.
    I have had some issues using Bbpress and as far as I know, Bulletproof modifications on htaccess some times may cause issues. That’s why I deactivated it.

    I found a very weird htaccess the with 12 times the same (usual patern.) Here it is :

    #   BULLETPROOF .47.4 >>>>>>> SECURE .HTACCESS     

# If you edit the  BULLETPROOF .47.4 >>>>>>> SECURE .HTACCESS text above
# you will see error messages on the BPS Security Status page
# BPS is reading the version number in the htaccess file to validate checks
# If you would like to change what is displayed above you
# will need to edit the BPS /includes/functions.php file to match your changes
# If you update your WordPress Permalinks the code between BEGIN WordPress and
# END WordPress is replaced by WP htaccess code.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
# This removes all of the BPS security code and replaces it with just the default WP htaccess code
# To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# BLOCK HOTLINKING TO IMAGES
# To Test that your Hotlinking protection is working visit https://altlab.com/htaccess_tutorial.html
#RewriteEngine On
#RewriteCond %{HTTP_REFERER} !^https?://(www\.)?add-your-domain-here\.com [NC]
#RewriteCond %{HTTP_REFERER} !^$
#RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]

# BLOCK MORE BAD BOTS RIPPERS AND OFFLINE BROWSERS
# If you would like to block more bad bots you can get a blacklist from
# https://perishablepress.com/press/2007/06/28/ultimate-htaccess-blacklist/
# You should monitor your site very closely for at least a week if you add a bad bots list
# to see if any website traffic problems or other problems occur.
# Copy and paste your bad bots user agent code list directly below.

    Sorry, it is long.

    Well I tried to replace it by my usual standard htaccess. See :

    SetEnv PHP_VER 5
SetEnv REGISTER_GLOBALS 0

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

    The first two lines are necessary on my host I heard.

    YHere is what I get when I try to modify anything in my site. (I can brows it normally though.)

    Warning: Cannot modify header information – headers already sent by (output started at /home/myDomain/www/wp-content/themes/Avada-Child-Theme/functions.php:1) in /home/euroisme/www/wp-includes/pluggable.php on line 1121

    What is wrong in my (lovely and charming) htaccess that is not in the (ugly and awkward) post-BulletProof one ?

    Thanks for any help
    (And sorry for the long quote)

Viewing 5 replies - 1 through 5 (of 5 total)

  • I don’t think it’s your .htaccess at all, I think you may have a blank line in your /home/myDomain/www/wp-content/themes/Avada-Child-Theme/functions.php on line 1.

    The first thing I would do is check that file to make sure there isn’t a blank line before the opening <?php or after the closing ?>.

    I would delete delete BulletProof Security plugin as well as the lines pertaining to the plugin in your .htcaccess file and try reinstalling the plugin if you still want it. Personally, I would recommend WordFence for WordPress security. But that’s just me.

    Thread Starter minutepapillon

    (@minutepapillon)

    Thanks for your answers guys !

    LinuxForMe2, you were right ! There was a blank line. I deleted it, put back the standard htaccess and the problem was gone.
    Please, can you tell me why a simple blank line is so bad ?
    Is it php stuff or WP stuff (i am not a php guru, I must admit it …)

    Mark,
    I agree with you totally. I was planning to remove BulletProof and install Wordfence instead. (There was no Wordfence I was aware of when I installed that site … but now, there is !)

    Thanks again for your two answers !
    ??

    I’m glad you got it fixed. The blank line in the PHP file is a PHP thing, not a WordPress thing, though since WordPress runs on PHP, it can obviously vex WordPress as well. What happens is that the blank line outside of the PHP tags is output as HTML, so some HTML was being sent to the browser prematurely via your functions.php file causing the infamous “headers already sent” error.

    The key is to make sure you don’t have any blank lines in your pages before or after the PHP tags unless you’re dealing with a page that is supposed to output HTML.

    Thread Starter minutepapillon

    (@minutepapillon)

    Linux4me2, Thanks for your explanation.
    I understand. Feels good to understand. It would have taken quite a few days to find out myself. ??
    I’ll keep this in mind :
    No extra blank line in php files except in HTML outputting ones.
    So be it.
    Have a nice day (or night).

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘htaccess madness – After Bulletproff Security’ is closed to new replies.