Solved

403 error at http://www.pigsforpeace.org/

Posted on 2014-11-29
10
256 Views
Last Modified: 2014-11-29
WordPress 4.0.1

Friends,

Good morning; I hope your Thanksgiving holiday (if you celebrate) was relaxing.

I'm frustrated by a problem with one of my WordPress sites -- http://www.pigsforpeace.org/.

Short version:
* Right now I get a 403 error when I try to access the site. Obviously I cannot log in to WordPress dashboard anymore.

* The technician at the ISP, viviotech, says he does not see any permission errors in the httpd.conf file.

* I checked my .hthaccess file but that looks OK too; there are some statements in .htaccess from the iThemes security plugin, but that is all. I give the .htaccess file, below.

Details:
* I am trying to transfer the web site at http://test.ebwebwork.com to http://www.pigsforpeace.org/.

* My plan is to use PHPMyAdmin to export the test database, replace test.ebwebwork.com with www.pigsforpeace.org, and import the revised database

* I have not done that yet -- because php.ini does not allow me to upload a large file; I am working on this separately

* Anyway, sometime around yesterday, I suddenly started getting  a 403 at http://www.pigsforpeace.org/

* Previously I was at least able to view the http://www.pigsforpeace.org/ site and log in to WP dashboard.

Do you have any thoughts about what is going on with the 403?

Thank you for your time and help, and for patiently reading this long question. =)

Peace.

Eric
0
Comment
Question by:Eric Bourland
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 40471738
You haven't given your htaccess code - it's probably the likely culprit
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471744
I apologize. Here is .htaccess:

# BEGIN iThemes Security
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^177\.180\.149\.25$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^177\.180\.149\.25$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^177\.180\.149\.25$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 177.180.149.25
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^69\.250\.144\.41$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 69.250.144.41
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^69\.250\.144\.41$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 69.250.144.41
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^91\.230\.12\.59$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^91\.230\.12\.59$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^91\.230\.12\.59$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 91.230.12.59
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^73\.3\.251\.224$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^73\.3\.251\.224$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^73\.3\.251\.224$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 73.3.251.224
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^162\.129\.251\.20$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^162\.129\.251\.20$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^162\.129\.251\.20$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 162.129.251.20
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
	# BEGIN Ban Users
		# Begin HackRepair.com Blacklist
		RewriteEngine on
		RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bolt\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot\@yahoo\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BOT\ for\ JCE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^checkprivacy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^clshttp [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Default\ Browser\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^extract [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FHscan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^g00g1e [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^grab [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^harvest [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InternetSeer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kanagawa [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^microsoft\.url [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^miner [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*Indy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*NEWT [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Rippers\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sitecheck\.internetseer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Toata\ dragostea\ mea\ pentru\ diavola [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WPScan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Yandex [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} AhrefsBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} CazoodleBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} discobot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ecxi [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} GT::WWW [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} heritrix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTP::Lite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search\.org [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IDBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IRLbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ISC\ Systems\ iRc\ Search\ 2\.1 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} lwp-trivial [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MFC_Tear_Sample [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Microsoft\ URL\ Control [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Missigua\ Locator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MJ12bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} panscient.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PECL::HTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PHPCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PleaseCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} SBIder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Snoopy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Steeler [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} URI::Fetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} urllib [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} webalta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WebCollage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Wells\ Search\ II [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WEP\ Search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} zermelo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ZyBorg [NC]
		RewriteRule ^.* - [F,L]
		# End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair
		
	# END Ban Users
	# BEGIN Hide Backend
			# Rules to hide the dashboard
			RewriteRule ^/pfplogin/?$ /wp-login.php [QSA,L]
		
	# END Hide Backend
	# BEGIN Tweaks
		# Rules to block access to WordPress specific files
		<files .htaccess>
			Order allow,deny
			Deny from all
		</files>
		<files readme.html>
			Order allow,deny
			Deny from all
		</files>
		<files readme.txt>
			Order allow,deny
			Deny from all
		</files>
		<files install.php>
			Order allow,deny
			Deny from all
		</files>
		<files wp-config.php>
			Order allow,deny
			Deny from all
		</files>
		
		# Rules to disable XML-RPC
		<files xmlrpc.php>
			Order allow,deny
			Deny from all
		</files>
		
		# Rules to disable directory browsing
		Options -Indexes
		
		<IfModule mod_rewrite.c>
			RewriteEngine On
		
			# Rules to protect wp-includes
			RewriteRule ^wp-admin/includes/ - [F]
			RewriteRule !^wp-includes/ - [S=3]
			RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
			RewriteRule ^wp-includes/[^/]+\.php$ - [F]
			RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
			RewriteRule ^wp-includes/theme-compat/ - [F]
		
			# Rules to prevent php execution in uploads
			RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
		
			# Rules to block unneeded HTTP methods
			RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block suspicious URIs
			RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
			RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
			RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
			RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
			RewriteCond %{QUERY_STRING} http\:  [NC,OR]
			RewriteCond %{QUERY_STRING} https\:  [NC,OR]
			RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
			RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
			RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
			RewriteCond %{QUERY_STRING} !^loggedout=true
			RewriteCond %{QUERY_STRING} !^action=jetpack-sso
			RewriteCond %{QUERY_STRING} !^action=rp
			RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
			RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block foreign characters in URLs
			RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to help reduce spam
			RewriteCond %{REQUEST_METHOD} POST
			RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
			RewriteCond %{HTTP_REFERER} !^(.*)ebwebwork.com.* 
			RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
			RewriteCond %{HTTP_USER_AGENT} ^$
			RewriteRule ^(.*)$ - [F]
		</IfModule>
	# END Tweaks
# END iThemes Security
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^pfplogin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Open in new window

0
 
LVL 58

Expert Comment

by:Gary
ID: 40471749
Are you sure your IP is not in the long list of banned IP's
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471753
Pretty sure. The server IP is: 162.208.0.170

... which is not in .htaccess.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471755
I guess I could take out all of the banned IPs.

Or I could take out all of the references to iThemes Security. Do you think I should try that next?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40471762
You can try - that seems the obvious reason for being banned from the server.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471766
Dear Gary,

I thought so too -- so I pared .htaccess down to just:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^pfplogin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

But I still get the 403 error.

I think at this point I am going to ask the ISP to delete and reinstall the web site as a new wordpress site. Then I will copy over the files and import the database and we will see if that works.

Thank you again for your help.

Eric
0
 
LVL 58

Expert Comment

by:Gary
ID: 40471771
Then it most likely is a folder/file permission
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471774
I agree.
0
 
LVL 3

Author Closing Comment

by:Eric Bourland
ID: 40471807
Dear Gary,

It looks like it was .htaccess after all. For some reason the pared-down version of .htaccess that I uploaded ... did not get uploaded or recognized. I uploaded it again and was able to access the web site.

Now, I have other problems -- missing content, broken CSS, and so on -- but at least I can access the web site. Thanks very much for your help.

Eric
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WordPress can be pretty daunting, especially for a beginner, so I thought it might be a good idea to write an article to show how easy it is to get started in WordPress and to design a custom theme.  The first step is to check with your hosting comp…
WordPress is constantly evolving, and with each evolution appears to get better and better.  One of the big drawbacks prior to version 3 was that there was no way to be able to set up a custom menu from the backend. The Old Way Adding menus is…
The purpose of this video is to demonstrate how to properly insert a Vimeo Video into a WordPress site or Blog. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp…
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Suggested Courses

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question