Plugin Author
AITpro
(@aitpro)
Go to the BPS htaccess Core page >>> click the htaccess File Editor tab page >>> click the Turn Off AutoLock button.
Lock / Unlock .htaccess Files
If your Server API is using CGI then you will see Lock and Unlock buttons to lock your Root htaccess file with 404 Permissions and unlock your root htaccess file with 644 Permissions. If your Server API is using CLI – DSO / Apache / mod_php then you will not see lock and unlock buttons. 644 Permissions are required to write to / edit the root htaccess file. Once you are done editing your root htaccess file use the lock button to lock it with 404 Permissions. 644 Permissions for DSO are considered secure for DSO because of the different way that file security is handled with DSO.
If your Root htaccess file is locked and you try to save your editing changes you will see a pop message that your Root htaccess file is locked. You will need to unlock your Root htaccess file before you can save your changes.
Turn On AutoLock / Turn Off AutoLock
AutoLock is designed to automatically lock your root .htaccess file to save you an additional step of locking your root .htaccess file when performing certain actions, tasks or functions and AutoLock also automatically locks your root .htaccess during BPS Pro upgrades. This can be a problem for some folks whose Web Hosts do not allow locking the root .htaccess file with 404 file permissions and can cause 403 errors and/or cause a website to crash. For 99.99% of folks leaving AutoLock turned On will work fine. If your Web Host ONLY allows 644 file permissions for your root .htaccess file then click the Turn Off AutoLock button. This turns Off AutoLocking for all BPS actions, tasks, functions and also for BPS Pro upgrades.
The File Editor is designed to open all of your htaccess files simultaneously and allow you to copy and paste from one window (file) to another window (file), BUT you can ONLY save your edits for one file at a time. Whichever file you currently have opened (the tab that you are currently viewing) when you click the Update File button is the file that will be updated / saved.
Help links and Video Tutorial links are provided on the Help & FAQ page
I am not quite sure I understand, but I did find the Lock/Unlock buttons. I turned off autolock but did not know what, if anything, I should edit in the .htaccess file(s). And when I then locked the .htaccess fle, I got locked out of my site again with the 403 error. So I went back and changed my root .htaccess file permission from 404 to 644 again at my host site. And now I have access again – until the next BP update I guess. So am I to understand that I just need to leave it unlocked? Or is there something I need to change in the actual .htaccess file? Or will I just keep having to do this – change permissions on my host site back to 644? It obviously will not work at 404 – although I am quite sure it used to. This is a relatively new problem and seems to have begun about the time I had my host transfer my WordPress account from my lebookbusiness.com domain to my new lindabook.us domain. (I am still not sure they did that right, either.)
Thank you – I apologize for my ignorance. I am still learning WordPress.
Plugin Author
AITpro
(@aitpro)
Yep, the AutoLock option is a saved database option that has a value of either yes or no. Basically the Forms would have a check like: if autolock = yes or autolock = no then do the appropriate action which would either be automatically lock the root htaccess file or do NOT lock the root htaccess file.
Nope, you do not need to do anything else. You are just saving the AutoLock database option so that any Forms will NOT lock your root htaccess file EVER.
Most Hosts allow 404 file permissions for htaccess files (99%) and other Hosts do NOT allow 404 file permissions for htaccess files (1%). Your new Host does NOT allow 404 file permissions for htaccess files.
Plugin Author
AITpro
(@aitpro)
The BPS upgrade function also uses the AutoLock value. If AutoLock is set to Off then BPS will NOT automatically lock the root htaccess file during the upgrade. If AutoLock is set to On then BPS WILL automatically lock the root htaccess file.
I believe there are a total of 4 BPS Forms and the BPS upgrade function that check the AutoLock database value and do the appropriate action.
OK, thank you so much! I will just leave it unlocked then. I appreciate your help.
Plugin Author
AITpro
(@aitpro)
Very welcome and you brought an interesting point that I never thought of before. Maybe something like this should also happen: When the Turn Off AutoLock button is clicked then maybe the Lock and Unlock buttons should be hidden. I would have to think this through and consider every possible scenario before doing something like that, but it is an interesting idea. Bottom line is – if doing something solves 1 problem, but then creates 5 other problems then it is not worth doing. 😉
That sounds like a good idea – what bothers me a bit about leaving it unlocked is it seems like someone could somehow gain access to edit the .htaccess files since they are visible and unlocked. But maybe that isn’t the case, I don’t know. I’m not that worried because I don’t think anyone but me ever looks at my blog anyway!
Anyway, thanks again – and good luck!
Plugin Author
AITpro
(@aitpro)
Well actually locking the root .htaccess file is more for preventing common problems where the root htaccess code gets flushed/deleted by another plugin or theme using the WordPress flush_rewrite_rules() function then it is for security. It is very simple for a hacker to override file permissions.
