LuciFit

Great. I understand.

Thanks for the correction and I went ahead and changed it.
SO HAPPY that these guys aren’t going to be screwing up my Google Analytics now!!!

Thanks so much for your help. You are always so helpful.

Hi.
Thanks for this info. I read the article. I want to block semalt.com as well as buttonsforwebsite.com

This is what I put into the CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here

RewriteCond %{HTTP_REFERER} ^.*(semalt\.com|buttons-for-website.com.).*$ [NC]
RewriteRule ^(.*)$ – [F]

I didn’t include the first line with the hashtag because the directions on BPS told me not to.
Did I do this right?

Thank you…

Awesome. Thank you so much for explaining all of this. I really didn’t feel that I had a solid grasp on what was going on with my security. I feel pretty good about my protection now, and I feel like I understand what’s going on with it.

OK. It confused me because it says “BulletProof Mode for the wp-admin folder MUST also be activated when you have BulletProof Mode activated for the Root folder.”

So… I’m protected, yes?

This is really great. Thank you – from all of us who needed this!!
I updated the BPS plugin. Then went to the new section and selected deactivate wp-admin.htaccess. Saved it.
Just to let you know that when I go into the security status I still get the red letters: “ERROR: An htaccess file was NOT found in your wp-admin folder.
BulletProof Mode for the wp-admin folder MUST also be activated when you have BulletProof Mode activated for the Root folder.”

I get this: An .htaccess file was not found in your wp-admin folder.

oh. I found it.

I’m not sure where the htaccess file editor tab page is?

1.) Yes. I can add a widget. Yes I can add it successfully.
2.) I can activate and deactivate the BPS plugin.

yes. the faster speed is the first thing that attracted me to the product. I like the fact that they don’t allow plugins that they deem could damage the site. For me, as a non-developer/coder/web person, this is super helpful.

But, this makes me wonder if they are blocking BPS from changing the core files (htaccess) when I try to enable it.

Do you think, with all they are doing with Managed WordPress, that it’s redundant for me to also have BPS?

(Anytime you want to answer with a jingle, I’m up for it. ?? )

Hi,thank you for your reply.
You’re right, I’m using Managed WordPress. And yes, they also do daily backups.

You weren’t on the list for blacklisted plugins.

I also called them and asked about you (2x now). They said they can’t guarantee that they can offer the security that you provide (in fact, they’ll readily admit that they can’t comment much on security because this isn’t their area) but they do the backups daily if any trouble occurs so one can roll the clock back by 30 days at most.

They really don’t know much else about why I can’t activate the we-admin security mode. One GoDaddy professional said he could go in the back way (via ftp) and change the access file to a backup and then he could load your new one. However, this is where it gets a bit to techy for me and I don’t trust myself to do that.

Great. THANK YOU so much for your quick reply. I’ll take care of that now.

Hi, Ben,
I’m not a developer (so please excuse me if I’m asking a silly question). Does this new feature mean that I can somehow put a custom background picture onto the password protect page?

It seems like Wordfence might be caught in some kind of a loop?

Here’s something that might help. Not sure. I just received the error log from BPS security. (I am definitely not adept at reading these things). I got more than 200 errors like this yesterday. With about 15 in the course of one minute.
Here is what it said (without the top part that says my ip address):

HTTP_REFERER: https://lucifit.com/wp-admi/admin.php?page=WordfenceSecOpt
REQUEST_URI: /wp-admin/admin-ajax.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:27.0) Gecko/20100101 Firefox/27.0