Title: DSO Server Setup Steps
Last modified: August 30, 2016
---
# DSO Server Setup Steps
* Resolved [VesperaWebDesigns](https://wordpress.org/support/users/vesperawebdesigns/)
* (@vesperawebdesigns)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/)
* BPS Version: .52.3
Server API: apache2handler DSO Host Server Type
* I have completed the steps outlined in this post:
* [DSO Server Setup Steps/](http://forum.ait-pro.com/forums/topic/dso-setup-steps/)
* for the case where the Script Owner ID’s and the File Owner ID’s match:
1. include the 3 new lines in wp-config.php
2. clear the browser and server caches (the apache2 install is on my laptop)
3. navigate to BPS Security=>System Info
4. check that WP Filesystem API Method: direct
5. navigate to Setup Wizard
6. observe that there are no red warning messages
7. run Setup Wizard
8. observe that there are no red warning messages
9. navigate to BPS Security=>System Info
* In the pane in the lower right quadrant of the page, the Script Owner ID’s and
the File Owner ID’s are still displayed, even though the post indicates they
should no longer be.
* Have I misunderstood the post?
* For the record, BPS when running on this server did not report any errors prior
to modifying wp-config.php, but I am having difficulty getting another plug-in
to work once I install BPS.
* [https://wordpress.org/plugins/bulletproof-security/](https://wordpress.org/plugins/bulletproof-security/)
Viewing 15 replies - 1 through 15 (of 23 total)
1 [2](https://wordpress.org/support/topic/dso-server-setup-steps/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/dso-server-setup-steps/page/2/?output_format=md)
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430627)
* The System Info: Website|Server|Opcode Cache|Accelerators|IP Info pane/table (
top left) is where you should now only be seeing this: WP Filesystem API Method:
direct.
* The System Info: File|Folder Permissions (CGI or DSO)|Script Owner User ID (UID)
|File Owner User ID pane/table (bottom right) will always display static file/
folder permissions and the UID for files and folders.
* Post your entire File|Folder Permissions (CGI or DSO)|Script Owner User ID (UID)
|File Owner User ID pane/table. If you want to obscure your actual UID then change
them consistently. What I need to see is whether all UID’s match or not and not
the actual UID.
* Example:
* ```
Actual: ../.htaccess 404 0404 5555 5555
Obscured: ../.htaccess 404 0404 1 1
```
* Thread Starter [VesperaWebDesigns](https://wordpress.org/support/users/vesperawebdesigns/)
* (@vesperawebdesigns)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430630)
* Thanks for your prompt reply!
* ```
DSO File and Folder Permissions|Recommendations
Script Script
File Path Rec Cur Owner Owner
Folder Path Perm Perm UserID UserID
../ 755 0755 1000 1000
../.htaccess 644 0644 1000 1000
../wp-config.php 644 0664 1000 1000
../index.php 644 0644 1000 1000
../wp-blog-header.php 644 0644 1000 1000
../wp-admin 755 0755 1000 1000
../wp-includes 755 0755 1000 1000
../wp-content 755 0755 1000 1000
../wp-content/plugins 755 0755 1000 1000
../wp-content/themes 755 0755 1000 1000
../wp-content/uploads 755 0755 1000 1000
../wp-content/upgrade 755 0755 1000 1000
../wp-content/bps-backup 755 0755 1000 1000
../wp-content/bps-backup/logs 755 0755 1000 1000
../wp-content/bps-backup/master-backups 755 0755 1000 1000
../wp-content/bps-backup/backups_sXEZC8b7zI3vVba 755 0755 1000 1000
```
* The statement in the post offering advice that concerns me is:
* > Note: When the WP Filesystem API Method is “direct” then the Script Owner ID
> and File Owner ID fields **will no longer be displayed on the System Info page**.
* Regards,
Christina
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430638)
* Yep, that DSO Setup forum topic needs to be updated. When that forum topic was
originally create the new System Info File|Folder Permissions (CGI or DSO)|Script
Owner User ID (UID)|File Owner User ID pane/table did not exist yet. 😉
* Ok so all UID’s match so that looks good. So now describe in detail what exactly
is not working in the other plugin and post the name of the plugin so I can download
it and look at the code in that plugin. Are you seeing any 403 errors in your
Security Log for that other plugin? If so, post that Security Log entry for that
plugin.
* Thread Starter [VesperaWebDesigns](https://wordpress.org/support/users/vesperawebdesigns/)
* (@vesperawebdesigns)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430676)
* The other plug-in is AkeebaBackupWP, and it is commercial. The download is behind
a paywall, and staff started a scheduled vacation before my problem was completely
solved (I have a work-around). They won’t be back until August 16. What is the
etiquette in this situation? Can I send you the .zip file privately?
* When the problem occurs, a single 403 error is recorded in your log.
* ```
[403 GET / HEAD Request: 5th August 2015 - 8:04 pm]
Event Code: WPADMIN-SBR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 127.0.0.1
Host Name: localhost
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://localhost/repos/akeeba2dev/wp-admin/admin.php?page=akeebabackupwp.1.3.4.rev59F39EC-%2Fakeebabackupwp.php
REQUEST_URI: /repos/akeeba2dev/wp-content/plugins/akeebabackupwp.1.3.4.rev59F39EC-/app//backups/index.html
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
```
* The requested file is in a directory that has its own .htaccess file. Support
claims that a 403 error is expected for that request, that it is how the program
ensures that the files cannot be accessed by the browser. If a 403 were not returned,
a warning would be displayed. Apparently the malformed string (“//”) is not significant.
* Support claims that the error I am seeing (reported as “Application Error 500
Invalid security token”) is the result of a session error. The following PHP
variables are set according to the plug-in’s specifications:
- session.save_path = “/var/lib/php5”
- php_value session.cookie_httponly = 0
- php_value session.cookie_secure = 0
* Permissions for the “/var/lib/php5” directory, where session tokens are stored,
seem to be correct, and I have spotted AKWP session tokens in that directory
occasionally, so I know it can be written to.
* The error message appears when attempting to switch Backup Profiles in the Control
Panel. The error message is only observed after Setup Wizard is run, and it is
not displayed once the BPS root .htaccess file is renamed or deleted. Commenting
out the Options and DirectoryIndex variables in the BPS-supplied .htaccess file
does not seem to make any difference.
* I was hoping that following your advice about customizing the wp-config.php file
for a DSO server would help, but it does not seem to make any difference, either.
* I wasn’t going to ask for your help with this until I had tried all the troubleshooting
suggestions you have posted in your forum, but if you can point me in a direction
that is likely to solve this problem, I’d be much obliged. 🙂
* Regards,
Christina
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430679)
* > The error message is only observed after Setup Wizard is run, and it is not
> displayed once the BPS root .htaccess file is renamed or deleted.
* The Setup Wizard creates a new BPS root htaccess file. By renaming/deleting the
BPS root htaccess file you have confirmed that a whitelist rule is needed in
the root htaccess file for the AkeebaBackupWP plugin.
* Try this first: Create a plugin skip/bypass rule for AkeebaBackupWP
* 1. Copy the code below to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/
THEME SKIP/BYPASS RULES
2. Click the Save Root Custom Code button. 3. Go to
the BPS Security Modes page, click the Create secure.htaccess File AutoMagic
button, select the Activate Root Folder BulletProof Mode Radio button and click
the Activate|Deactivate button.
* ```
# AkeebaBackupWP plugin skip/bypass
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/akeebabackupwp(.*) [NC]
RewriteRule . - [S=13]
```
* Note: The 403 error that you are seeing logged in the BPS Security Log is probably
not the same 403 error that AkeebaBackupWP support is referring too.
* Thread Starter [VesperaWebDesigns](https://wordpress.org/support/users/vesperawebdesigns/)
* (@vesperawebdesigns)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430708)
* Thank you! I understand the Skip Rule, but could not have written it myself.
🙂
* Skip Rule #12 looks like this:
* ```
# Adminer MySQL management tool data populate
RewriteCond %{REQUEST_URI} ^/repos/akeeba2dev/wp-content/plugins/adminer/ [NC]
RewriteRule . - [S=12]
```
* so I changed the path name to prepend “/repos/akeeba2dev”. The error was still
reported, so I tried the following tweaks, one at a time:
* RewriteCond %{REQUEST_URI} ^/repos/akeeba2dev/wp-content/plugins/akeebabackupwp(.*)[
NC]
RewriteCond %{REQUEST_URI} ^/repos/akeeba2dev/wp-content/plugins/akeebabackupwp(.*)/[
NC] RewriteCond %{REQUEST_URI} ^/repos/akeeba2dev/wp-content/plugins/akeebabackupwp.
1.3.4.rev59F39EC- [NC] RewriteCond %{REQUEST_URI} ^/repos/akeeba2dev/wp-content/
plugins/akeebabackupwp.1.3.4.rev59F39EC-/ [NC]`
* For each tweaked rule, I would:
1. Copy the rule to this BPS Root Custom Code text box: CUSTOM CODE PLUGIN/THEME
SKIP/BYPASS RULES
2. Click the Save Root Custom Code button.
3. Go to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic
button, select the Activate Root Folder BulletProof Mode Radio button and click
the Activate|Deactivate button.
4. Check that the root .htaccess file contained the desired rule.
5. Navigate to the AKWP Control Panel.
6. Clear the browser cache.
7. Use OPCacheGUI to clear the server cache.
8. Reload the AKWP Control Panel.
9. Attempt to select a different Backup Profile.
* I double-checked the BPS Security Log, and there were no errors other than the
403 returned when that URI was requested.
* Just as a sanity check, once all of these failed, I renamed the .htaccess file,
cleared the caches, and reloaded the page. No error was displayed, and no errors
were recorded in the BPS Security Log.
* Regards,
Christina
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430712)
* Oops yeah good catch on the URI. Forgot to add your full URI in the skip/bypass
rule. 😉 Ok so a plugin skip/bypass rule is not going to work for whatever is
being blocked.
* Try these whitelisting methods next in the same order as they are shown below:
* **Notes:** Replace/change **YourWebsite.com** in the code below with your actual
website domain name. You can get that by looking at the existing TIMTHUMB FORBID
RFI and MISC FILE SKIP/BYPASS RULE root htaccess code in your BPS root htaccess
file. I have added the additional `akeebabackupwp\.php|` file and code in the
code below.
* 1. Copy the code below to this Custom Code text box: CUSTOM CODE TIMTHUMB FORBID
RFI and MISC FILE SKIP/BYPASS RULE: Add additional Referers and/or misc file
names. IMPORTANT! Change the HTTP_REFERER YourWebsite.com domain name to your
actual domain/website’s name.
2. Save your new custom code by clicking the Save
Root Custom Code button. 3. Click the Create secure.htaccess File AutoMagic button
on the Security Modes page. 4. Activate BulletProof Mode for your Root folder
on the Security Modes page.
* ```
# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Use BPS Custom Code to modify/edit/change this code and to save it permanently.
# Remote File Inclusion (RFI) security rules
# Note: Only whitelist your additional domains or files if needed - do not whitelist hacker domains or files
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F]
#
# Example: Whitelist additional misc files: (example\.php|another-file\.php|phpthumb\.php|thumb\.php|thumbs\.php)
RewriteCond %{REQUEST_URI} (akeebabackupwp\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
# Example: Whitelist additional website domains: RewriteCond %{HTTP_REFERER} ^.*(YourWebsite.com|AnotherWebsite.com).*
RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.*
RewriteRule . - [S=1]
```
* If the whitelisting method above does not work then try this next;
* 1. Add the page=akeebabackupwp Query String skip/bypass rule below to this wp-
admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES
2. Click
the Save wp-admin Custom Code button. 3. Go to the Security Modes page and Activate
wp-admin Folder BulletProof Mode.
* ```
# AkeebaBackupWP wp-admin Query String skip/bypass rule
# RewriteCond %{QUERY_STRING} page=akeebabackupwp(.*) [NC]
# RewriteRule . - [S=2]
```
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430715)
* Or this may work:
* 1. Go to the BPS htaccess File Editor page, click on the Your Current Root htaccess
File tab, scroll down in your Root .htaccess file code until you see .htaccess
code that looks like this code below.
* ```
# WP REWRITE LOOP START
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
```
* 2. Copy your # WP REWRITE LOOP START code to this BPS Root Custom Code text box:
CUSTOM CODE WP REWRITE LOOP START
3. After you have copied your WP Rewrite Loop
Start .htaccess code then add the akeebabackupwp RewriteRule skip/bypass rule
as shown in the code below. 4. Click the Save Root Custom Code button. 5. Go
to the BPS Security Modes page, click the Create secure.htaccess File AutoMagic
button and activate Root folder BulletProof Mode.
* ```
# WP REWRITE LOOP START
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# akeebabackupwp RewriteRule skip/bypass
RewriteRule ^repos/akeeba2dev/wp-content/plugins/akeebabackupwp(.*) - [L]
```
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430736)
* Ok I found a free Akeeba Backup version for WordPress. Downloaded it, installed
and tested it and both file and db backups work fine, but I am also seeing a
403 error even though the backups completed successfully. So this appears to
only be a nuisance 403 error and not an error indicating that something is actually
not working. I will figure out exactly what is triggering this error and post
the solution shortly. I may find that what the Akeeba Backup support folks said
about a 403 error always occurring with their plugin is that in that case BPS
logs all 403 errors on a website whether or not the 403 error has anthing to
do with BPS. If this is the case then it is a nuisance error that just needs
to not be logged.
* ```
[403 GET / HEAD Request: August 13, 2015 - 1:49 pm]
Event Code: WPADMIN-SBR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 127.0.0.1
Host Name: Z666P-HP
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://demo5.local/wp-admin/admin.php?page=akeebabackupwp-core%2Fakeebabackupwp.php&view=main
REQUEST_URI: /wp-content/plugins/akeebabackupwp-core/app//backups/index.html?_=1439498971140
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
```
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430747)
* Ok ironically the problem is with the Akeeba Backup htaccess files themselves.
there are several of them throughout the Akeeba Backup plugin folders. The best
approach would be to automatically create .htaccess files based on a check if
the mod_authz_core module is loaded instead of doing a one size fits all conditional
thing with htaccess files/code to cover all bases. ie if mod_authz_core module
is loaded create htaccess file/code X. if mod_authz_core module is NOT loaded
create htaccess file/code Y. We actually need to do this same thing in BPS soon.
* So if you do not want to see the 403 nuisance errors then the solution is to
edit all Akeeba Backup htaccess files and delete the htaccess code that does
not apply to your Apache server version.
* Older versions of Apache used this htaccess code without having to do anything
else with it. The new Apache thing is: mod_authz_core
* ```
Order Deny,Allow
Deny from all
```
* This one size fits all thing below may work in most cases, but it will also fail
in a lot of other cases. The fail is a nuisance fail and not critical. ie errors
are generated, but nothing is actually being broken.
* ```
# Apache 2.2
Order Deny,Allow
Deny from all
# Apache 2.4
Require all denied
```
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430757)
* So on my XAMPP Dev server if I comment out all of these code lines below with#
signs in this file: /app/backups/.htaccess I no longer see that 403 error and
the /backups folder is still protected. I did not bother with editing any of
the other Akeeba Backup htaccess files.
* ```
#
Order deny,allow
Deny from all
#
#
#
# Require all denied
#
#
```
* Thread Starter [VesperaWebDesigns](https://wordpress.org/support/users/vesperawebdesigns/)
* (@vesperawebdesigns)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430784)
* I apologize, I am having to do this in a bit of a hurry, and will have to pause
in this investigation due to prior commitments.
* I tried replacing the contents of /app/backups/.htaccess with your suggested
code, and still got the 403 error (and the Application 500 error).
* I also tried the following code in /app/backups/.htaccess (essentially the opposite
of what you had done):
* ```
#
#Order deny,allow
#Deny from all
#
#
Require all denied
#
```
* and still got the 403 error (and the Application 500 error).
* Then I tried commenting EVERYTHING out. When I navigated to the AKWP Control
Panel, a notification was displayed that was not there before, that a new version
of AKWP is now available. When I went to change profiles, the Application 500
error was not displayed, and no 403 error was logged (as expected).
* I restored the original /app/backups/.htaccess file, and renamed the root .htaccess
file. The notification of a new version was displayed. When I went to change
profiles, the Application 500 error was not displayed, and no 403 error was logged(
as expected).
* One difference between the paid and free versions of AKWP is how available updates
are detected. The paid version checks that a valid Download ID has been entered.
It probably also retrieves the update from a different location than the free
version.
* Somehow the existence of the BPS .htaccess file is causing AKWP not to be able
to detect that an update is available. It is also causing the AKWP code to go
down a different path when switching profiles, since it doesn’t even make the
HTTP request that results in a 403 error.
* I have to delay any further work on this until Monday. By then AKWP staff will
be back from vacation, and I can pass along all this information to them. I think
their input is needed at this point anyway.
* Thank you for giving your time and expertise to solving this problem. I think
we’re a lot closer to the solution now!
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430813)
* So there must obviously be some differences between the Akeeba free and pro versions.
Maybe there are several 403 errors occurring and not just the one 403 error due
to Akeeba htaccess file code itself. Or maybe the localhost server itself has
had additional configuration done in the httpd.conf file or the vhosts conf file.
* Both file backups and DB backups worked fine for me whether or not I changed
the Akeeba htaccess file code. Are Akeeba backups also working normally for you
even though you are seeing a nuisance 403 error(s)?
* Most likely the API upgrade check is being blocked by 1 or more of these BPS
root .htaccess file security rules below and commenting them out with a # sign
in your root .htaccess file would tell you which rule or rules that is:
* Most likely:
* ```
#RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
```
* Less likely:
* ```
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [NC,OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
```
* Least likely:
* ```
#RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
#RewriteCond %{QUERY_STRING} http\: [NC,OR]
#RewriteCond %{QUERY_STRING} https\: [NC,OR]
```
* Thread Starter [VesperaWebDesigns](https://wordpress.org/support/users/vesperawebdesigns/)
* (@vesperawebdesigns)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430828)
* Thanks! I’ll try all that on Monday, plus the suggestions you made earlier. If
there are any variables in httpd.conf or vhosts.conf whose values you would like
me to supply, please let me know.
* I agree that the 403 error is a “nuisance error”, but I think the fact that it
occurs only when the Application error is displayed is significant, and may help
the AKWP developer track down the problem.
* Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
* (@aitpro)
* [10 years, 10 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/#post-6430829)
* You would be checking the httpd.conf and vhosts conf files to see what they are
doing or not doing with the mod_authz_core module.
* In my XAMPP httpd.conf file I see that the module is being loaded, but this is
XAMPP, which has been modified to run under Windows instead of Linux.
LoadModule
authz_core_module modules/mod_authz_core.so. In my vhosts conf file I am using
the new “Require all granted” vs the older “Order” directive, but my htaccess
files are still using “Order” and they are working so that tells me there is
a fallback for the older “Order” directive in htaccess files and they still work
fine. I assume Apache is doing a standard deprecation method: [https://en.wikipedia.org/wiki/Deprecation](https://en.wikipedia.org/wiki/Deprecation)
just like PHP or any other software does for backwards compatibility and moving
forward. So basically that means that this htaccess code below should work for
many versions of Apache until the “Order” directive is completely removed.
* ```
Order Deny,Allow
Deny from all
```
* If everything is working correctly then that falls under nuisance. The 403 error
for the API upgrade being blocked is not a nuisance error and is a critical error.
One of the security filters above is most likely blocking the API upgrade check.
Viewing 15 replies - 1 through 15 (of 23 total)
1 [2](https://wordpress.org/support/topic/dso-server-setup-steps/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/dso-server-setup-steps/page/2/?output_format=md)
The topic ‘DSO Server Setup Steps’ is closed to new replies.
* 
* [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
* [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
* [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
* [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
* [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)
* 23 replies
* 2 participants
* Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/)
* Last activity: [10 years, 9 months ago](https://wordpress.org/support/topic/dso-server-setup-steps/page/2/#post-6430968)
* Status: resolved