.htaccess: Invalid command ‘SGS’

  • Resolved kemeng

    (@kemeng)


    2 years, 11 months ago

    Hi there,

    Brief:
    – Installed this plugin (for take a look) and broke the access for WP admin (with Auth Error msg. Only accessable from SG’s site.
    – I am not an expert

    Provider:
    – Siteground with last PHP/WP version

    Installed sec plugins (using without problem):
    – Wordfence
    – Webcraftic Hide Login Page

    How the problem accured:
    Tought the similar function of Hide Login Page plugin although I am not 100% sure (see it below). Did not change wp admin address in SG Security.

    Soution, deactivate SG Security and reset Webcraftic Hide Login (ie custom login address).

    Seems to me these constants added by SG Security in .htaccess caused the issue (since by adding manually to the file resulting the same error above):

    # SGS HSTS Header Service
    Header set Strict-Transport-Security “max-age=10886400; preload”
    # SGS HSTS Header Service END

    # SGS XSS Header Service
    <IfModule mod_headers.c>
    # SGS XSS
    Header always set X-Content-Type-Options “nosniff”
    Header set X-XSS-Protection “1; mode=block”
    # SGS XSS END
    </IfModule>
    # SGS XSS Header Service END

    I DID HAVE ALREADY THESE (similar) COSTANTS (may overlap?)
    # X-XSS-Protection
    Header set X-XSS-Protection “1; mode=block”

    # prevent Content Type sniffing
    Header set X-Content-Type-Options nosniff`

    Error log in Site Tools:
    2021-12-10 22:27:17 UTC [apache][core:alert] [pid 10488] [client 112.198.97.4:46356] /home/u703-xxxxxx/www/domain.com/public_html/.htaccess: Invalid command ‘SGS’, perhaps misspelled or defined by a module not included in the server configuration, referer: https://www.domain.com/wp-admin/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Stoyan Georgiev

    (@stoyangeorgiev)

    Hey there @kemeng,

    Duplicating plugin functionalities can sometimes lead to unexpected behavior, so make sure you are not using multiple plugins for one thing.

    If you are adding rules to the htaccess file, make sure the rules are not misspelled as mentioned by the error.

    I would suggest disabling overlapping functionalities. For example, if you wish to use a custom login URL, disable all other plugins doing the same and enable it through the SiteGround Security plugin interface. The same goes for the other optimizations.

    If you have issues after that, you can always reopen the thread so we can further investigate.

    Thread Starter kemeng

    (@kemeng)

    Hi there,

    Thanks for your responding!

    Would bring to your attention:

    # SGS HSTS Header Service
Header set Strict-Transport-Security “max-age=10886400; preload”
# SGS HSTS Header Service END

# SGS XSS Header Service
<IfModule mod_headers.c>
# SGS XSS
Header always set X-Content-Type-Options “nosniff”
Header set X-XSS-Protection “1; mode=block”
# SGS XSS END
</IfModule>
# SGS XSS Header Service END

    Made by SG Security in .htaccess (which I believe belongings for super secure https, plus xss protection option)

    Then you get error in Site Tools:
    2021-12-10 22:27:17 UTC [apache][core:alert] [pid 10488] [client 112.198.97.4:46356] /home/u703-xxxxxx/www/domain.com/public_html/.htaccess: Invalid command ‘SGS’, perhaps misspelled or defined by a module not included in the server configuration, referer:?https://www.domain.com/wp-admin/

    I dont have idea how the “SGS invaild command” refers to “wp-admin”. As I said I am not expert at all.

    Many people have plugin for hiding login page and if you add SG Security (for a try and you dont know all its features – very possible) you can lock out urself from admin login (through given address)

    That is not good.

    • This reply was modified 2 years, 11 months ago by kemeng.
    • This reply was modified 2 years, 11 months ago by kemeng.
    • This reply was modified 2 years, 11 months ago by kemeng.
    Thread Starter kemeng

    (@kemeng)

    Just two things more:

    – I got the point, dont overlap. Hope you getting mine as a “normal/nooby wp user” too

    – Webcraftic Hide Login Page has good option: it generates a secure url to reset the custom login address to the default (for case).

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘.htaccess: Invalid command ‘SGS’’ is closed to new replies.