Sucuri Allow Blocked PHP Files
-
Hello, my client is using a translation plugin that requires PHP files to be executed in a directory that Sucuri blocks by default when activating all “hardening” features.
For some reason, the Allow Blocked PHP Files section in the Sucuri plugin sections doesn’t allow you to simply enter the entire path of the file, so I need to know how to add the following files to the allow list:
- /wp-content/plugins/gtranslate/url_addon/gtranslate.php
- /wp-content/plugins/gtranslate/url_addon/config.php
Sucuri only seems to give /wp-content as a directory option.
Any help is greatly appreciated.
-
Hi @jaxjames1
you can just append this onto the end of the htaccess file
<FilesMatch "^(gtranslate.php|config.php)$">
Allow from all
</FilesMatch>
Hi @sucuri1
I just copy-pasted that code into the .htaccess file (I assume it’s the .htaccess file directly inside the /public_html directory), and turned on the hardening features again but we are still getting a 403 error.
What am I doing wrong?
@jaxjames1 It’s possible that when you turned on the hardening features again it overwrote the changes you made to the file, could you provide the full file contents so we can verify?
@sucuri1 I’ve tried both ways:
- Updating .htaccess and then enabling the hardening feature
- Enabling the hardening feature and then updating the .htaccess
Both ways still result in the 403 error page.
@jaxjames1 Thank you for trying both, jax. Could you provide the full .htaccess file content so we can verify?
@sucuri1 Sure thing, .htaccess code is below.
### BEGIN GTranslate config ###
RewriteRule ^(af|sq|am|ar|hy|az|eu|be|bn|bs|bg|ca|ceb|ny|zh-CN|zh-TW|co|hr|cs|da|nl|en|eo|et|tl|fi|fr|fy|gl|ka|de|el|gu|ht|ha|haw|iw|hi|hmn|hu|is|ig|id|ga|it|ja|jw|kn|kk|km|ko|ku|ky|lo|la|lv|lt|lb|mk|mg|ms|ml|mt|mi|mr|mn|my|ne|no|ps|fa|pl|pt|pa|ro|ru|sm|gd|sr|st|sn|sd|si|sk|sl|so|es|su|sw|sv|tg|ta|te|th|tr|uk|ur|uz|vi|cy|xh|yi|yo|zu)/(af|sq|am|ar|hy|az|eu|be|bn|bs|bg|ca|ceb|ny|zh-CN|zh-TW|co|hr|cs|da|nl|en|eo|et|tl|fi|fr|fy|gl|ka|de|el|gu|ht|ha|haw|iw|hi|hmn|hu|is|ig|id|ga|it|ja|jw|kn|kk|km|ko|ku|ky|lo|la|lv|lt|lb|mk|mg|ms|ml|mt|mi|mr|mn|my|ne|no|ps|fa|pl|pt|pa|ro|ru|sm|gd|sr|st|sn|sd|si|sk|sl|so|es|su|sw|sv|tg|ta|te|th|tr|uk|ur|uz|vi|cy|xh|yi|yo|zu)/(.*)$ /$1/$3 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(af|sq|am|ar|hy|az|eu|be|bn|bs|bg|ca|ceb|ny|zh-CN|zh-TW|co|hr|cs|da|nl|en|eo|et|tl|fi|fr|fy|gl|ka|de|el|gu|ht|ha|haw|iw|hi|hmn|hu|is|ig|id|ga|it|ja|jw|kn|kk|km|ko|ku|ky|lo|la|lv|lt|lb|mk|mg|ms|ml|mt|mi|mr|mn|my|ne|no|ps|fa|pl|pt|pa|ro|ru|sm|gd|sr|st|sn|sd|si|sk|sl|so|es|su|sw|sv|tg|ta|te|th|tr|uk|ur|uz|vi|cy|xh|yi|yo|zu)/(.*)$ /wp-content/plugins/gtranslate/url_addon/gtranslate.php?glang=$1&gurl=$2 [L,QSA]
RewriteRule ^(af|sq|am|ar|hy|az|eu|be|bn|bs|bg|ca|ceb|ny|zh-CN|zh-TW|co|hr|cs|da|nl|en|eo|et|tl|fi|fr|fy|gl|ka|de|el|gu|ht|ha|haw|iw|hi|hmn|hu|is|ig|id|ga|it|ja|jw|kn|kk|km|ko|ku|ky|lo|la|lv|lt|lb|mk|mg|ms|ml|mt|mi|mr|mn|my|ne|no|ps|fa|pl|pt|pa|ro|ru|sm|gd|sr|st|sn|sd|si|sk|sl|so|es|su|sw|sv|tg|ta|te|th|tr|uk|ur|uz|vi|cy|xh|yi|yo|zu)$ /$1/ [R=301,L]
### END GTranslate config ###
#BEGIN Really Simple SSL LETS ENCRYPT
RewriteRule ^.well-known/(.*)$ - [L]
#END Really Simple SSL LETS ENCRYPT
# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule \.litespeed_conf\.dat - [F,L]
### marker ASYNC start ###
RewriteCond %{REQUEST_URI} /wp-admin/admin-ajax\.php
RewriteCond %{QUERY_STRING} action=async_litespeed
RewriteRule .* - [E=noabort:1]
### marker ASYNC end ###
### marker CACHE RESOURCE start ###
RewriteRule wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php - [E=cache-control:max-age=3600]
### marker CACHE RESOURCE end ###
### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###
</IfModule>
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN NON_LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END NON_LSCACHE
# This file was updated by Duplicator Pro on 2023-06-19 16:21:31.
# See the original_files_ folder for the original source_site_htaccess file.
#Begin Really Simple Security
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
Options -Indexes
#End Really Simple Security
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
RewriteCond %{HTTP_HOST} ^brainhealthhub\.com\.au$ [OR]
RewriteCond %{HTTP_HOST} ^www\.brainhealthhub\.com\.au$
RewriteRule ^projects\/brain\-bootcamp\-legacy\/brain\-bootcamp\-legacy\-proof\/$ "https\:\/\/brainhealthhub\.com\.au\/projects\/brain\-bootcamp\-legacy\/proof\/" [R=301,L]
RewriteCond %{HTTP_HOST} ^brainhealthhub\.com\.au$ [OR]
RewriteCond %{HTTP_HOST} ^www\.brainhealthhub\.com\.au$
RewriteRule ^projects\/brain\-bootcamp\-frontiers\/brain\-bootcamp\-frontiers\-enrol\-now\/$ "https\:\/\/brainhealthhub\.com\.au\/projects\/brain\-bootcamp\-frontiers\/enrol\-now\/" [R=301,L]
RewriteCond %{HTTP_HOST} ^brainhealthhub\.com\.au$ [OR]
RewriteCond %{HTTP_HOST} ^www\.brainhealthhub\.com\.au$
RewriteRule ^projects\/brain\-bootcamp\-frontiers\/brain\-bootcamp\-frontiers\-further\-reading\/$ "https\:\/\/brainhealthhub\.com\.au\/projects\/brain\-bootcamp\-frontiers\/further\-reading\/" [R=301,L]
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
<FilesMatch "^(gtranslate.php|config.php)$">
Allow from all
</FilesMatch>
Does this help?
Hi @sucuri1 , does the above file contents help?
@jaxjames1 Yes, it helps. We’re taking a look at it now and we’ll have an answer soon.
Hi @sucuri1 , just a friendly check-in to see if you had a response to this yet?
Hi @jaxjames1 You need to put the content below
<FilesMatch "^(gtranslate.php|config.php)$">
Allow from all
</FilesMatch>
in
./wp-content/.htaccess
not
./.htaccess
And if the issue still persists please provide the contents from the…….. wp-content/.htaccess file
@sucuri1 , this is still causing the 403 issue.
There was no .htaccess file in the /wp-content directory, so I just created a new file and entered the code provided.
Here’s the /wp-content/.htaccess file content:
<FilesMatch "^(gtranslate.php|config.php)$">
Allow from all
</FilesMatch>
Is there anything incorrect in this?
@sucuri1 , is there a way to simply enter the direct file paths of the files that need to be excluded from the block list?
Hi @sucuri1 , is there a fix for this? Or have I done something incorrectly?