Title: Mobile version only – requesting Authentication
Last modified: August 30, 2016

---

# Mobile version only – requesting Authentication

 *  [johnnyflash](https://wordpress.org/support/users/johnnyflash/)
 * (@johnnyflash)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/mobile-version-only-requesting-authentication/)
 * Hi, I recently recovered this website (www.johnnyflash.net) from a hack by some
   group. I thought I had everything cleared up but I noticed that when I try to
   access the site from my iPhone (regardless of whether I am on wifi or LTE), that
   a pop-up box appears saying “Authentication Required” with this IP address listed“
   46.4.15.53”.
 * There is not supposed to be any kind of password on the mobile/responsive version
   of the website. I looked at the the htaccess file and it seems okay… even tried
   to replace the htaccess file with a basic WordPress one and that did not seem
   to affect it. I’ve been searching my site but have been unable to figure out 
   why it is doing this.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Colin McDermott](https://wordpress.org/support/users/woodsandhillsplc/)
 * (@woodsandhillsplc)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/mobile-version-only-requesting-authentication/#post-6592641)
 * Just checked, I get the same on my phone.
 * Can you paste your .htaccess file contents for me to view?
 * Spoken to your web host?
 *  Thread Starter [johnnyflash](https://wordpress.org/support/users/johnnyflash/)
 * (@johnnyflash)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/mobile-version-only-requesting-authentication/#post-6592736)
 * This is the .htaccess file I’m currently using. I tried simplifying it to the
   basic WP htaccess file but it did not seem to make a difference. I will try calling
   my web host and see if they have any suggestions.
 * # BEGIN All In One WP Security
    #AIOWPS_BLOCK_WP_FILE_ACCESS_START <Files license.
   txt> order allow,deny deny from all </files> <Files wp-config-sample.php> order
   allow,deny deny from all </Files> <Files readme.html> order allow,deny deny from
   all </Files> #AIOWPS_BLOCK_WP_FILE_ACCESS_END #AIOWPS_BASIC_HTACCESS_RULES_START
   <Files .htaccess> order allow,deny deny from all </Files> ServerSignature Off
   LimitRequestBody 10240000 <Files wp-config.php> order allow,deny deny from all
   </Files> #AIOWPS_BASIC_HTACCESS_RULES_END #AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START
   <Files debug.log> order deny,allow deny from all </Files> #AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END#
   AIOWPS_DISABLE_INDEX_VIEWS_START Options -Indexes #AIOWPS_DISABLE_INDEX_VIEWS_END#
   AIOWPS_IP_BLACKLIST_START Order allow,deny Allow from all Deny from 108.61.122.0/
   24 Deny from 110.93.23.0/24 Deny from 130.0.233.146 Deny from 14.150.246.0/24
   Deny from 162.247.72.0/24 Deny from 179.43.155.0/24 Deny from 185.24.232.0/24
   Deny from 185.56.82.0/24 Deny from 187.53.212.4 Deny from 188.138.9.0/24 Deny
   from 188.247.66.0/24 Deny from 189.28.144.52 Deny from 198.50.213.0/24 Deny from
   200.216.110.115 Deny from 5.196.66.0/24 Deny from 5.45.72.0/24 Deny from 64.235.56.0/
   24 Deny from 77.109.141.0/24 Deny from 91.200.12.0/24 Deny from 96.44.189.0/24#
   AIOWPS_IP_BLACKLIST_END #AIOWPS_DISABLE_TRACE_TRACK_START RewriteEngine On RewriteCond%{
   REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* – [F] #AIOWPS_DISABLE_TRACE_TRACK_END#
   AIOWPS_FORBID_PROXY_COMMENTS_START RewriteCond %{REQUEST_METHOD} =POST RewriteCond%{
   HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:
   PROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{
   HTTP:HTTP_CLIENT_IP} !^$ RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/
   |wp-content/plugins/|wp-includes/).* [NC] RewriteRule .* – [F,NS,L] #AIOWPS_FORBID_PROXY_COMMENTS_END#
   AIOWPS_DENY_BAD_QUERY_STRINGS_START RewriteCond %{QUERY_STRING} tag= [NC,OR] 
   RewriteCond %{QUERY_STRING} ftp: [NC,OR] RewriteCond %{QUERY_STRING} http: [NC,
   OR] RewriteCond %{QUERY_STRING} https: [NC,OR] RewriteCond %{QUERY_STRING} mosConfig[
   NC,OR] RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [
   NC,OR] RewriteCond %{QUERY_STRING} (\;|’|\”|%22).*(request|insert|union|declare
   |drop) [NC] RewriteRule ^(.*)$ – [F,L] #AIOWPS_DENY_BAD_QUERY_STRINGS_END #AIOWPS_ADVANCED_CHAR_STRING_FILTER_START
   <IfModule mod_alias.c> RedirectMatch 403 \, RedirectMatch 403 \: RedirectMatch
   403 \; RedirectMatch 403 \= RedirectMatch 403 \@ RedirectMatch 403 \[ RedirectMatch
   403 \] RedirectMatch 403 \^ RedirectMatch 403 \` RedirectMatch 403 \{ RedirectMatch
   403 \} RedirectMatch 403 \~ RedirectMatch 403 \” RedirectMatch 403 \$ RedirectMatch
   403 \< RedirectMatch 403 \> RedirectMatch 403 \| RedirectMatch 403 \.\. RedirectMatch
   403 \%0 RedirectMatch 403 \%A RedirectMatch 403 \%B RedirectMatch 403 \%C RedirectMatch
   403 \%D RedirectMatch 403 \%E RedirectMatch 403 \%F RedirectMatch 403 \%22 RedirectMatch
   403 \%27 RedirectMatch 403 \%28 RedirectMatch 403 \%29 RedirectMatch 403 \%3C
   RedirectMatch 403 \%3E RedirectMatch 403 \%3F RedirectMatch 403 \%5B RedirectMatch
   403 \%5C RedirectMatch 403 \%5D RedirectMatch 403 \%7B RedirectMatch 403 \%7C
   RedirectMatch 403 \%7D # COMMON PATTERNS Redirectmatch 403 \_vpi RedirectMatch
   403 \.inc Redirectmatch 403 xAou6 Redirectmatch 403 db\_name Redirectmatch 403
   select\( Redirectmatch 403 convert\( Redirectmatch 403 \/query\/ RedirectMatch
   403 ImpEvData Redirectmatch 403 \.XMLHTTP Redirectmatch 403 proxydeny RedirectMatch
   403 function\. Redirectmatch 403 remoteFile Redirectmatch 403 servername Redirectmatch
   403 \&rptmode\= Redirectmatch 403 sys\_cpanel RedirectMatch 403 db\_connect RedirectMatch
   403 doeditconfig RedirectMatch 403 check\_proxy Redirectmatch 403 system\_user
   Redirectmatch 403 \/\(null\)\/ Redirectmatch 403 clientrequest Redirectmatch 
   403 option\_value RedirectMatch 403 ref\.outcontrol # SPECIFIC EXPLOITS RedirectMatch
   403 errors\. RedirectMatch 403 config\. RedirectMatch 403 include\. RedirectMatch
   403 display\. RedirectMatch 403 register\. Redirectmatch 403 password\. RedirectMatch
   403 maincore\. RedirectMatch 403 authorize\. Redirectmatch 403 macromates\. RedirectMatch
   403 head\_auth\. RedirectMatch 403 submit\_links\. RedirectMatch 403 change\_action\.
   Redirectmatch 403 com\_facileforms\/ RedirectMatch 403 admin\_db\_utilities\.
   RedirectMatch 403 admin\.webring\.docs\. Redirectmatch 403 Table\/Latest\/index\.
   </IfModule> #AIOWPS_ADVANCED_CHAR_STRING_FILTER_END #AIOWPS_FIVE_G_BLACKLIST_START#
   5G BLACKLIST/FIREWALL (2013) # @ [http://perishablepress.com/5g-blacklist-2013/](http://perishablepress.com/5g-blacklist-2013/)
 * # 5G:[QUERY STRINGS]
    <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /
   RewriteCond %{QUERY_STRING} (\”|%22).*(<|>|%3) [NC,OR] RewriteCond %{QUERY_STRING}(
   javascript:).*(\;) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3)[
   NC,OR] RewriteCond %{QUERY_STRING} (\\|\.\./|`|=’$|=%27$) [NC,OR] RewriteCond%{
   QUERY_STRING} (\;|’|\”|%22).*(union|select|insert|drop|update|md5|benchmark|or
   |and|if) [NC,OR] RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig)[
   NC,OR] RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR] RewriteCond%{
   QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC] RewriteRule .* – [F] </IfModule>
 * # 5G:[USER AGENTS]
    <IfModule mod_setenvif.c> # SetEnvIfNoCase User-Agent ^$ 
   keep_out SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot
   |feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl
   |skygrid|sucker|turnit|vikspider|zmeu) keep_out <limit GET POST PUT> Order Allow,
   Deny Allow from all Deny from env=keep_out </limit> </IfModule>
 * # 5G:[REQUEST STRINGS]
    <IfModule mod_alias.c> RedirectMatch 403 (https?|ftp|
   php)\:// RedirectMatch 403 /(https?|ima|ucp)/ RedirectMatch 403 /(Permanent|Better)
   $ RedirectMatch 403 (\=\\\’|\=\\%27|/\\\’/?|\)\.css\()$ RedirectMatch 403 (\,
   |\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\”\\\”) RedirectMatch 403 \.(cgi|asp
   |aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$ RedirectMatch 403 /(contac|fpw|install
   |pingserver|register)\.php$ RedirectMatch 403 (base64|crossdomain|localhost|wwwroot
   |e107\_) RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml) RedirectMatch
   403 \.well\-known/host\-meta RedirectMatch 403 /function\.array\-rand RedirectMatch
   403 \)\;\$\(this\)\.html\( RedirectMatch 403 proc/self/environ RedirectMatch 
   403 msnbot\.htm\)\.\_ RedirectMatch 403 /ref\.outcontrol RedirectMatch 403 com\
   _cropimage RedirectMatch 403 indonesia\.htm RedirectMatch 403 \{\$itemURL\} RedirectMatch
   403 function\(\) RedirectMatch 403 labels\.rdf RedirectMatch 403 /playing.php
   RedirectMatch 403 muieblackcat </IfModule>
 * # 5G:[REQUEST METHOD]
    <ifModule mod_rewrite.c> RewriteCond %{REQUEST_METHOD}
   ^(TRACE|TRACK) RewriteRule .* – [F] </IfModule> #AIOWPS_FIVE_G_BLACKLIST_END #
   AIOWPS_BLOCK_SPAMBOTS_START <IfModule mod_rewrite.c> RewriteCond %{REQUEST_METHOD}
   POST RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$ RewriteCond %{
   HTTP_REFERER} !^http(s)?://(.*)?\.johnnyflash\.net [NC,OR] RewriteCond %{HTTP_USER_AGENT}
   ^$ RewriteRule .* [http://127.0.0.1](http://127.0.0.1) [L] </IfModule> #AIOWPS_BLOCK_SPAMBOTS_END#
   END All In One WP Security
 * # BEGIN WordPress
    <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule
   ^index\.php$ – [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME}!-
   d RewriteRule . /index.php [L] </IfModule> # END WordPress # Sucuri Recommendations–
   Added April 15, 2015 <IfModule mod_headers.c> Header set X-XSS-Protection “1;
   mode=block” Header always append X-Frame-Options SAMEORIGIN Header set X-Content-
   Type-Options “nosniff” </IfModule> # End of Suruci
 * # Use Gzip to serve up files
    # compress text, html, javascript, css, xml: AddOutputFilterByType
   DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType
   DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType
   DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType
   DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/javascript
   AddOutputFilterByType DEFLATE application/x-javascript
 *  Thread Starter [johnnyflash](https://wordpress.org/support/users/johnnyflash/)
 * (@johnnyflash)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/mobile-version-only-requesting-authentication/#post-6592739)
 * I found a JS file in my theme sub-folder that had the mentioned IP address for
   mobile devices. Once I changed that line to reference the correct local CSS file,
   it seemed to solve the problem. I’m not sure how it got like that but all seems
   well now. Thanks.
 *  [Colin McDermott](https://wordpress.org/support/users/woodsandhillsplc/)
 * (@woodsandhillsplc)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/mobile-version-only-requesting-authentication/#post-6592743)
 * Cool, glad you got it sorted.
 * I was going to say, you have a lot of different blocking rules etc in your htaccess…
   I’m sure you could simplify it a lot if you wanted to.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Mobile version only – requesting Authentication’ is closed to new replies.

## Tags

 * [authentication](https://wordpress.org/support/topic-tag/authentication/)
 * [mobile](https://wordpress.org/support/topic-tag/mobile/)
 * [redirect](https://wordpress.org/support/topic-tag/redirect/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 2 participants
 * Last reply from: [Colin McDermott](https://wordpress.org/support/users/woodsandhillsplc/)
 * Last activity: [10 years, 8 months ago](https://wordpress.org/support/topic/mobile-version-only-requesting-authentication/#post-6592743)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics