403 error at http://www.pigsforpeace.org/

WordPress 4.0.1

Friends,

Good morning; I hope your Thanksgiving holiday (if you celebrate) was relaxing.

I'm frustrated by a problem with one of my WordPress sites -- http://www.pigsforpeace.org/.

Short version:
* Right now I get a 403 error when I try to access the site. Obviously I cannot log in to WordPress dashboard anymore.

* The technician at the ISP, viviotech, says he does not see any permission errors in the httpd.conf file.

* I checked my .hthaccess file but that looks OK too; there are some statements in .htaccess from the iThemes security plugin, but that is all. I give the .htaccess file, below.

Details:
* I am trying to transfer the web site at http://test.ebwebwork.com to http://www.pigsforpeace.org/.

* My plan is to use PHPMyAdmin to export the test database, replace test.ebwebwork.com with www.pigsforpeace.org, and import the revised database

* I have not done that yet -- because php.ini does not allow me to upload a large file; I am working on this separately

* Anyway, sometime around yesterday, I suddenly started getting  a 403 at http://www.pigsforpeace.org/

* Previously I was at least able to view the http://www.pigsforpeace.org/ site and log in to WP dashboard.

Do you have any thoughts about what is going on with the 403?

Thank you for your time and help, and for patiently reading this long question. =)

Peace.

Eric
LVL 3
Eric BourlandAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GaryCommented:
You haven't given your htaccess code - it's probably the likely culprit
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Eric BourlandAuthor Commented:
I apologize. Here is .htaccess:

# BEGIN iThemes Security
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^177\.180\.149\.25$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^177\.180\.149\.25$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^177\.180\.149\.25$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 177.180.149.25
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^69\.250\.144\.41$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 69.250.144.41
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^69\.250\.144\.41$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 69.250.144.41
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^91\.230\.12\.59$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^91\.230\.12\.59$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^91\.230\.12\.59$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 91.230.12.59
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^73\.3\.251\.224$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^73\.3\.251\.224$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^73\.3\.251\.224$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 73.3.251.224
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^162\.129\.251\.20$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^162\.129\.251\.20$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^162\.129\.251\.20$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 162.129.251.20
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
	# BEGIN Ban Users
		# Begin HackRepair.com Blacklist
		RewriteEngine on
		RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bolt\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot\@yahoo\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BOT\ for\ JCE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^checkprivacy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^clshttp [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Default\ Browser\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^extract [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FHscan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^g00g1e [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^grab [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^harvest [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InternetSeer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kanagawa [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^microsoft\.url [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^miner [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*Indy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*NEWT [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Rippers\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sitecheck\.internetseer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Toata\ dragostea\ mea\ pentru\ diavola [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WPScan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Yandex [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} AhrefsBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} CazoodleBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} discobot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ecxi [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} GT::WWW [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} heritrix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTP::Lite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search\.org [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IDBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IRLbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ISC\ Systems\ iRc\ Search\ 2\.1 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} lwp-trivial [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MFC_Tear_Sample [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Microsoft\ URL\ Control [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Missigua\ Locator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MJ12bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} panscient.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PECL::HTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PHPCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PleaseCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} SBIder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Snoopy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Steeler [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} URI::Fetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} urllib [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} webalta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WebCollage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Wells\ Search\ II [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WEP\ Search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} zermelo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ZyBorg [NC]
		RewriteRule ^.* - [F,L]
		# End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair
		
	# END Ban Users
	# BEGIN Hide Backend
			# Rules to hide the dashboard
			RewriteRule ^/pfplogin/?$ /wp-login.php [QSA,L]
		
	# END Hide Backend
	# BEGIN Tweaks
		# Rules to block access to WordPress specific files
		<files .htaccess>
			Order allow,deny
			Deny from all
		</files>
		<files readme.html>
			Order allow,deny
			Deny from all
		</files>
		<files readme.txt>
			Order allow,deny
			Deny from all
		</files>
		<files install.php>
			Order allow,deny
			Deny from all
		</files>
		<files wp-config.php>
			Order allow,deny
			Deny from all
		</files>
		
		# Rules to disable XML-RPC
		<files xmlrpc.php>
			Order allow,deny
			Deny from all
		</files>
		
		# Rules to disable directory browsing
		Options -Indexes
		
		<IfModule mod_rewrite.c>
			RewriteEngine On
		
			# Rules to protect wp-includes
			RewriteRule ^wp-admin/includes/ - [F]
			RewriteRule !^wp-includes/ - [S=3]
			RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
			RewriteRule ^wp-includes/[^/]+\.php$ - [F]
			RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
			RewriteRule ^wp-includes/theme-compat/ - [F]
		
			# Rules to prevent php execution in uploads
			RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
		
			# Rules to block unneeded HTTP methods
			RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block suspicious URIs
			RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
			RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
			RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
			RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
			RewriteCond %{QUERY_STRING} http\:  [NC,OR]
			RewriteCond %{QUERY_STRING} https\:  [NC,OR]
			RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
			RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
			RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
			RewriteCond %{QUERY_STRING} !^loggedout=true
			RewriteCond %{QUERY_STRING} !^action=jetpack-sso
			RewriteCond %{QUERY_STRING} !^action=rp
			RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
			RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block foreign characters in URLs
			RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to help reduce spam
			RewriteCond %{REQUEST_METHOD} POST
			RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
			RewriteCond %{HTTP_REFERER} !^(.*)ebwebwork.com.* 
			RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
			RewriteCond %{HTTP_USER_AGENT} ^$
			RewriteRule ^(.*)$ - [F]
		</IfModule>
	# END Tweaks
# END iThemes Security
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^pfplogin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Open in new window

0
GaryCommented:
Are you sure your IP is not in the long list of banned IP's
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Eric BourlandAuthor Commented:
Pretty sure. The server IP is: 162.208.0.170

... which is not in .htaccess.
0
Eric BourlandAuthor Commented:
I guess I could take out all of the banned IPs.

Or I could take out all of the references to iThemes Security. Do you think I should try that next?
0
GaryCommented:
You can try - that seems the obvious reason for being banned from the server.
0
Eric BourlandAuthor Commented:
Dear Gary,

I thought so too -- so I pared .htaccess down to just:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^pfplogin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

But I still get the 403 error.

I think at this point I am going to ask the ISP to delete and reinstall the web site as a new wordpress site. Then I will copy over the files and import the database and we will see if that works.

Thank you again for your help.

Eric
0
GaryCommented:
Then it most likely is a folder/file permission
0
Eric BourlandAuthor Commented:
I agree.
0
Eric BourlandAuthor Commented:
Dear Gary,

It looks like it was .htaccess after all. For some reason the pared-down version of .htaccess that I uploaded ... did not get uploaded or recognized. I uploaded it again and was able to access the web site.

Now, I have other problems -- missing content, broken CSS, and so on -- but at least I can access the web site. Thanks very much for your help.

Eric
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
WordPress

From novice to tech pro — start learning today.