JonLPD

Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter JonLPD

    (@jonlpd)

    then temporarily disable the Protect System Files setting in the System Tweaks section on the iTSec plugin Settings page as indicated by Gerroald.

    That worked and let me install. I’ll make sure it all works properly once i’ve turned this back on and let you know.

    Thanks!

    Thread Starter JonLPD

    (@jonlpd)

    Hey, The 403 error im getting is: You don’t have permission to access /advocacyforyoungpeople/wp-admin/install.php on this server.

    I dont think there is a problem with the plugin. I just need to it ignore the subdirectory /advocacyforyoungpeople

    Here is the iThemes code I’m using in the htaccess:

    # BEGIN iThemes Security – Do not modify or remove this line
    # iThemes Security Config Details: 2
    # Ban Hosts – Security > Settings > Banned Users
    SetEnvIF REMOTE_ADDR “^81\.45\.182\.213$” DenyAccess
    SetEnvIF X-FORWARDED-FOR “^81\.45\.182\.213$” DenyAccess
    SetEnvIF X-CLUSTER-CLIENT-IP “^81\.45\.182\.213$” DenyAccess

    SetEnvIF REMOTE_ADDR “^42\.63\.209\.13$” DenyAccess
    SetEnvIF X-FORWARDED-FOR “^42\.63\.209\.13$” DenyAccess
    SetEnvIF X-CLUSTER-CLIENT-IP “^42\.63\.209\.13$” DenyAccess

    <IfModule mod_authz_core.c>
    <RequireAll>
    Require all granted
    Require not env DenyAccess
    Require not ip 81.45.182.213
    Require not ip 42.63.209.13
    </RequireAll>
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
    Deny from env=DenyAccess
    Deny from 81.45.182.213
    Deny from 42.63.209.13
    </IfModule>

    # Enable the hide backend feature – Security > Settings > Hide Login Area > Hide Backend
    RewriteRule ^(/)?login/?$ /wp-login.php [QSA,L]

    # Protect System Files – Security > Settings > System Tweaks > System Files
    <files .htaccess>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    </IfModule>
    </files>
    <files readme.html>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    </IfModule>
    </files>
    <files readme.txt>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    </IfModule>
    </files>
    <files install.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    </IfModule>
    </files>
    <files wp-config.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    </IfModule>
    </files>

    # Disable XML-RPC – Security > Settings > WordPress Tweaks > XML-RPC
    <files xmlrpc.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    </IfModule>
    </files>

    # Disable Directory Browsing – Security > Settings > System Tweaks > Directory Browsing
    Options -Indexes

    <IfModule mod_rewrite.c>
    RewriteEngine On

    # Protect System Files – Security > Settings > System Tweaks > System Files
    RewriteRule ^wp-admin/includes/ – [F]
    RewriteRule !^wp-includes/ – [S=3]
    RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
    RewriteRule ^wp-includes/[^/]+\.php$ – [F]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F]
    RewriteRule ^wp-includes/theme-compat/ – [F]

    # Disable PHP in Uploads – Security > Settings > System Tweaks > Uploads
    RewriteRule ^wp\-content/uploads/.*\.(?:php[1-6]?|pht|phtml?)$ – [NC,F]

    # Filter Request Methods – Security > Settings > System Tweaks > Request Methods
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
    RewriteRule ^.* – [F]

    # Filter Suspicious Query Strings in the URL – Security > Settings > System Tweaks > Suspicious Query Strings
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
    RewriteCond %{QUERY_STRING} !^loggedout=true
    RewriteCond %{QUERY_STRING} !^action=jetpack-sso
    RewriteCond %{QUERY_STRING} !^action=rp
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteCond %{HTTP_REFERER} !^https://maps\.googleapis\.com(.*)$
    RewriteRule ^.* – [F]

    # Filter Non-English Characters – Security > Settings > System Tweaks > Non-English Characters
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
    RewriteRule ^.* – [F]

    # Reduce Comment Spam – Security > Settings > System Tweaks > Comment Spam
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{HTTP_REFERER} !^https?://(([^/]+\.)?advocacymatters\.co\.uk|jetpack\.wordpress\.com/jetpack-comment)(/|$) [NC]
    RewriteRule ^.* – [F]
    </IfModule>
    # END iThemes Security – Do not modify or remove this line

Viewing 2 replies - 1 through 2 (of 2 total)