itheme security modifies the .htaccess file and deletes the permalink code.

webmasteray
(@webmasteray)

4 years, 9 months ago

Greetings.
The itheme security plugin generates problems in the website because it updates the .htaccess file and removes the permalink code.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
causing the site to generate the 404 error.
I have contacted the server provider and they have created a new .htacces file with the following code.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]]

And it works but then it goes back to update the .htacces file and removes it causing the site to show 404 error.

the server provider suggested that I contact you to review the script.

The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

(@app1e5auce)

Just wanted to jump in and say I had this same problem with a client today.

I have dozens on clients all running up-to-date versions of iThemes Security. One client, seemingly randomly, had 404s on every page except the home page. I looked in the .htaccess file, and the WordPress code had been replaced by some standard iThemes code adding an IP to the blocked list.

Obviously, iThemes code usually safely inserts above the default WordPress code which is needed for links to resolve. Not sure why this one time resulted in file being broken.

geekayhu

(@geekayhu)

4 years, 8 months ago

Same problem here, but with 500 server error. Hosting support also suggests that it might be the security plugin.

Ruanna

(@ruanna)

4 years, 6 months ago

I’ve experienced this with iThemes Security Pro, on one site only, two times over the last week. Code in htaccess is as follows:

# BEGIN iThemes Security - Do not modify or remove this line
# iThemes Security Config Details: 2
	# Protect System Files - Security > Settings > System Tweaks > System Files
	<files .htaccess>
		<IfModule mod_litespeed.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files readme.html>
		<IfModule mod_litespeed.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files readme.txt>
		<IfModule mod_litespeed.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>
	<files wp-config.php>
		<IfModule mod_litespeed.c>
			Order allow,deny
			Deny from all
		</IfModule>
	</files>

	# Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
	Options -Indexes

	<IfModule mod_rewrite.c>
		RewriteEngine On

		# Protect System Files - Security > Settings > System Tweaks > System Files
		RewriteRule ^wp-admin/install\.php$ - [F]
		RewriteRule ^wp-admin/includes/ - [F]
		RewriteRule !^wp-includes/ - [S=3]
		RewriteRule ^wp-includes/[^/]+\.php$ - [F]
		RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
		RewriteRule ^wp-includes/theme-compat/ - [F]
		RewriteCond %{REQUEST_FILENAME} -f
		RewriteRule (^|.*/)\.(git|svn)/.* - [F]

		# Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads
		RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

		# Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in Plugins
		RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

		# Disable PHP in Themes - Security > Settings > System Tweaks > PHP in Themes
		RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
	</IfModule>
# END iThemes Security - Do not modify or remove this line

Until the htaccess file is restored, only the home page is accessible, all others are 404.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘itheme security modifies the .htaccess file and deletes the permalink code.’ is closed to new replies.

Tags