Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

403 error at http://www.pigsforpeace.org/

Posted on 2014-11-29
10
251 Views
Last Modified: 2014-11-29
WordPress 4.0.1

Friends,

Good morning; I hope your Thanksgiving holiday (if you celebrate) was relaxing.

I'm frustrated by a problem with one of my WordPress sites -- http://www.pigsforpeace.org/.

Short version:
* Right now I get a 403 error when I try to access the site. Obviously I cannot log in to WordPress dashboard anymore.

* The technician at the ISP, viviotech, says he does not see any permission errors in the httpd.conf file.

* I checked my .hthaccess file but that looks OK too; there are some statements in .htaccess from the iThemes security plugin, but that is all. I give the .htaccess file, below.

Details:
* I am trying to transfer the web site at http://test.ebwebwork.com to http://www.pigsforpeace.org/.

* My plan is to use PHPMyAdmin to export the test database, replace test.ebwebwork.com with www.pigsforpeace.org, and import the revised database

* I have not done that yet -- because php.ini does not allow me to upload a large file; I am working on this separately

* Anyway, sometime around yesterday, I suddenly started getting  a 403 at http://www.pigsforpeace.org/

* Previously I was at least able to view the http://www.pigsforpeace.org/ site and log in to WP dashboard.

Do you have any thoughts about what is going on with the 403?

Thank you for your time and help, and for patiently reading this long question. =)

Peace.

Eric
0
Comment
Question by:Eric Bourland
  • 6
  • 4
10 Comments
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 40471738
You haven't given your htaccess code - it's probably the likely culprit
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471744
I apologize. Here is .htaccess:

# BEGIN iThemes Security
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^177\.180\.149\.25$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^177\.180\.149\.25$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^177\.180\.149\.25$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 177.180.149.25
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^69\.250\.144\.41$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 69.250.144.41
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^69\.250\.144\.41$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 69.250.144.41
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^91\.230\.12\.59$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^91\.230\.12\.59$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^91\.230\.12\.59$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 91.230.12.59
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^73\.3\.251\.224$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^73\.3\.251\.224$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^73\.3\.251\.224$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 73.3.251.224
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^162\.129\.251\.20$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^162\.129\.251\.20$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^162\.129\.251\.20$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 162.129.251.20
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
	# BEGIN Ban Users
		# Begin HackRepair.com Blacklist
		RewriteEngine on
		RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bolt\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot\@yahoo\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BOT\ for\ JCE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^checkprivacy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^clshttp [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Default\ Browser\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^extract [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FHscan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^g00g1e [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^grab [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^harvest [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InternetSeer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kanagawa [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^microsoft\.url [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^miner [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*Indy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*NEWT [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Rippers\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sitecheck\.internetseer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Toata\ dragostea\ mea\ pentru\ diavola [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WPScan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Yandex [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} AhrefsBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} CazoodleBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} discobot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ecxi [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} GT::WWW [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} heritrix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTP::Lite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search\.org [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IDBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IRLbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ISC\ Systems\ iRc\ Search\ 2\.1 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} lwp-trivial [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MFC_Tear_Sample [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Microsoft\ URL\ Control [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Missigua\ Locator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MJ12bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} panscient.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PECL::HTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PHPCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PleaseCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} SBIder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Snoopy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Steeler [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} URI::Fetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} urllib [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} webalta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WebCollage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Wells\ Search\ II [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WEP\ Search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} zermelo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ZyBorg [NC]
		RewriteRule ^.* - [F,L]
		# End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair
		
	# END Ban Users
	# BEGIN Hide Backend
			# Rules to hide the dashboard
			RewriteRule ^/pfplogin/?$ /wp-login.php [QSA,L]
		
	# END Hide Backend
	# BEGIN Tweaks
		# Rules to block access to WordPress specific files
		<files .htaccess>
			Order allow,deny
			Deny from all
		</files>
		<files readme.html>
			Order allow,deny
			Deny from all
		</files>
		<files readme.txt>
			Order allow,deny
			Deny from all
		</files>
		<files install.php>
			Order allow,deny
			Deny from all
		</files>
		<files wp-config.php>
			Order allow,deny
			Deny from all
		</files>
		
		# Rules to disable XML-RPC
		<files xmlrpc.php>
			Order allow,deny
			Deny from all
		</files>
		
		# Rules to disable directory browsing
		Options -Indexes
		
		<IfModule mod_rewrite.c>
			RewriteEngine On
		
			# Rules to protect wp-includes
			RewriteRule ^wp-admin/includes/ - [F]
			RewriteRule !^wp-includes/ - [S=3]
			RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
			RewriteRule ^wp-includes/[^/]+\.php$ - [F]
			RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
			RewriteRule ^wp-includes/theme-compat/ - [F]
		
			# Rules to prevent php execution in uploads
			RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
		
			# Rules to block unneeded HTTP methods
			RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block suspicious URIs
			RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
			RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
			RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
			RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
			RewriteCond %{QUERY_STRING} http\:  [NC,OR]
			RewriteCond %{QUERY_STRING} https\:  [NC,OR]
			RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
			RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
			RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
			RewriteCond %{QUERY_STRING} !^loggedout=true
			RewriteCond %{QUERY_STRING} !^action=jetpack-sso
			RewriteCond %{QUERY_STRING} !^action=rp
			RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
			RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block foreign characters in URLs
			RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to help reduce spam
			RewriteCond %{REQUEST_METHOD} POST
			RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
			RewriteCond %{HTTP_REFERER} !^(.*)ebwebwork.com.* 
			RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
			RewriteCond %{HTTP_USER_AGENT} ^$
			RewriteRule ^(.*)$ - [F]
		</IfModule>
	# END Tweaks
# END iThemes Security
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^pfplogin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Open in new window

0
 
LVL 58

Expert Comment

by:Gary
ID: 40471749
Are you sure your IP is not in the long list of banned IP's
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471753
Pretty sure. The server IP is: 162.208.0.170

... which is not in .htaccess.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471755
I guess I could take out all of the banned IPs.

Or I could take out all of the references to iThemes Security. Do you think I should try that next?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40471762
You can try - that seems the obvious reason for being banned from the server.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471766
Dear Gary,

I thought so too -- so I pared .htaccess down to just:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^pfplogin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

But I still get the 403 error.

I think at this point I am going to ask the ISP to delete and reinstall the web site as a new wordpress site. Then I will copy over the files and import the database and we will see if that works.

Thank you again for your help.

Eric
0
 
LVL 58

Expert Comment

by:Gary
ID: 40471771
Then it most likely is a folder/file permission
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471774
I agree.
0
 
LVL 3

Author Closing Comment

by:Eric Bourland
ID: 40471807
Dear Gary,

It looks like it was .htaccess after all. For some reason the pared-down version of .htaccess that I uploaded ... did not get uploaded or recognized. I uploaded it again and was able to access the web site.

Now, I have other problems -- missing content, broken CSS, and so on -- but at least I can access the web site. Thanks very much for your help.

Eric
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What's this? As a volunteer Page Editor for Experts-Exchange.com, I have noticed that many authors also have blogs, and pull articles from their blogs to post at Experts-Exchange. I appreciate each author sharing their blog content with our site …
WordPress can be pretty daunting, especially for a beginner, so I thought it might be a good idea to write an article to show how easy it is to get started in WordPress and to design a custom theme.  The first step is to check with your hosting comp…
The purpose of this video is to demonstrate how to make a WordPress Site faster and smaller in size by cleaning up the database. This will be demonstrated using a Windows 8 PC. Plugin WP Optimize will be used. Go to your WordPress login page. T…
The purpose of this video is to demonstrate how to Import and export files in WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Click on Too…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question