Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

403 error at http://www.pigsforpeace.org/

Posted on 2014-11-29
10
Medium Priority
?
271 Views
Last Modified: 2014-11-29
WordPress 4.0.1

Friends,

Good morning; I hope your Thanksgiving holiday (if you celebrate) was relaxing.

I'm frustrated by a problem with one of my WordPress sites -- http://www.pigsforpeace.org/.

Short version:
* Right now I get a 403 error when I try to access the site. Obviously I cannot log in to WordPress dashboard anymore.

* The technician at the ISP, viviotech, says he does not see any permission errors in the httpd.conf file.

* I checked my .hthaccess file but that looks OK too; there are some statements in .htaccess from the iThemes security plugin, but that is all. I give the .htaccess file, below.

Details:
* I am trying to transfer the web site at http://test.ebwebwork.com to http://www.pigsforpeace.org/.

* My plan is to use PHPMyAdmin to export the test database, replace test.ebwebwork.com with www.pigsforpeace.org, and import the revised database

* I have not done that yet -- because php.ini does not allow me to upload a large file; I am working on this separately

* Anyway, sometime around yesterday, I suddenly started getting  a 403 at http://www.pigsforpeace.org/

* Previously I was at least able to view the http://www.pigsforpeace.org/ site and log in to WP dashboard.

Do you have any thoughts about what is going on with the 403?

Thank you for your time and help, and for patiently reading this long question. =)

Peace.

Eric
0
Comment
Question by:Eric Bourland
  • 6
  • 4
10 Comments
 
LVL 58

Accepted Solution

by:
Gary earned 2000 total points
ID: 40471738
You haven't given your htaccess code - it's probably the likely culprit
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471744
I apologize. Here is .htaccess:

# BEGIN iThemes Security
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^177\.180\.149\.25$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^177\.180\.149\.25$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^177\.180\.149\.25$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 177.180.149.25
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^69\.250\.144\.41$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 69.250.144.41
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^69\.250\.144\.41$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 69.250.144.41
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^91\.230\.12\.59$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^91\.230\.12\.59$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^91\.230\.12\.59$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 91.230.12.59
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^73\.3\.251\.224$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^73\.3\.251\.224$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^73\.3\.251\.224$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 73.3.251.224
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^162\.129\.251\.20$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^162\.129\.251\.20$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^162\.129\.251\.20$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 162.129.251.20
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
	# BEGIN Ban Users
		# Begin HackRepair.com Blacklist
		RewriteEngine on
		RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bolt\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot\@yahoo\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BOT\ for\ JCE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^checkprivacy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^clshttp [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Default\ Browser\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^extract [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FHscan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^g00g1e [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^grab [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^harvest [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InternetSeer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kanagawa [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^microsoft\.url [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^miner [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*Indy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*NEWT [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Rippers\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sitecheck\.internetseer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Toata\ dragostea\ mea\ pentru\ diavola [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WPScan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Yandex [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} AhrefsBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} CazoodleBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} discobot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ecxi [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} GT::WWW [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} heritrix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTP::Lite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search\.org [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IDBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IRLbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ISC\ Systems\ iRc\ Search\ 2\.1 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} lwp-trivial [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MFC_Tear_Sample [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Microsoft\ URL\ Control [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Missigua\ Locator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MJ12bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} panscient.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PECL::HTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PHPCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PleaseCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} SBIder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Snoopy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Steeler [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} URI::Fetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} urllib [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} webalta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WebCollage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Wells\ Search\ II [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WEP\ Search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} zermelo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ZyBorg [NC]
		RewriteRule ^.* - [F,L]
		# End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair
		
	# END Ban Users
	# BEGIN Hide Backend
			# Rules to hide the dashboard
			RewriteRule ^/pfplogin/?$ /wp-login.php [QSA,L]
		
	# END Hide Backend
	# BEGIN Tweaks
		# Rules to block access to WordPress specific files
		<files .htaccess>
			Order allow,deny
			Deny from all
		</files>
		<files readme.html>
			Order allow,deny
			Deny from all
		</files>
		<files readme.txt>
			Order allow,deny
			Deny from all
		</files>
		<files install.php>
			Order allow,deny
			Deny from all
		</files>
		<files wp-config.php>
			Order allow,deny
			Deny from all
		</files>
		
		# Rules to disable XML-RPC
		<files xmlrpc.php>
			Order allow,deny
			Deny from all
		</files>
		
		# Rules to disable directory browsing
		Options -Indexes
		
		<IfModule mod_rewrite.c>
			RewriteEngine On
		
			# Rules to protect wp-includes
			RewriteRule ^wp-admin/includes/ - [F]
			RewriteRule !^wp-includes/ - [S=3]
			RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
			RewriteRule ^wp-includes/[^/]+\.php$ - [F]
			RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
			RewriteRule ^wp-includes/theme-compat/ - [F]
		
			# Rules to prevent php execution in uploads
			RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
		
			# Rules to block unneeded HTTP methods
			RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block suspicious URIs
			RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
			RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
			RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
			RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
			RewriteCond %{QUERY_STRING} http\:  [NC,OR]
			RewriteCond %{QUERY_STRING} https\:  [NC,OR]
			RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
			RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
			RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
			RewriteCond %{QUERY_STRING} !^loggedout=true
			RewriteCond %{QUERY_STRING} !^action=jetpack-sso
			RewriteCond %{QUERY_STRING} !^action=rp
			RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
			RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block foreign characters in URLs
			RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to help reduce spam
			RewriteCond %{REQUEST_METHOD} POST
			RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
			RewriteCond %{HTTP_REFERER} !^(.*)ebwebwork.com.* 
			RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
			RewriteCond %{HTTP_USER_AGENT} ^$
			RewriteRule ^(.*)$ - [F]
		</IfModule>
	# END Tweaks
# END iThemes Security
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^pfplogin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Open in new window

0
 
LVL 58

Expert Comment

by:Gary
ID: 40471749
Are you sure your IP is not in the long list of banned IP's
0
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471753
Pretty sure. The server IP is: 162.208.0.170

... which is not in .htaccess.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471755
I guess I could take out all of the banned IPs.

Or I could take out all of the references to iThemes Security. Do you think I should try that next?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40471762
You can try - that seems the obvious reason for being banned from the server.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471766
Dear Gary,

I thought so too -- so I pared .htaccess down to just:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^pfplogin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

But I still get the 403 error.

I think at this point I am going to ask the ISP to delete and reinstall the web site as a new wordpress site. Then I will copy over the files and import the database and we will see if that works.

Thank you again for your help.

Eric
0
 
LVL 58

Expert Comment

by:Gary
ID: 40471771
Then it most likely is a folder/file permission
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471774
I agree.
0
 
LVL 3

Author Closing Comment

by:Eric Bourland
ID: 40471807
Dear Gary,

It looks like it was .htaccess after all. For some reason the pared-down version of .htaccess that I uploaded ... did not get uploaded or recognized. I uploaded it again and was able to access the web site.

Now, I have other problems -- missing content, broken CSS, and so on -- but at least I can access the web site. Thanks very much for your help.

Eric
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Now that you've installed WordPress 2.9 (http://www.experts-exchange.com/articles/Web_Development/Blogs/WordPress/WordPress-2-9-What-to-Expect-When-Upgrading-to-WordPress-2-9.html?) on your site, you need to install some plugins to get the most out …
I want to start by talking about the use of plug-ins for WordPress. I started a web-site for a company I was working for a few years ago; I had extremely basic knowledge of HTML. I am a Graphic Designer by trade so I invited the opportunity as a cha…
The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…
The purpose of this video is to demonstrate how to Import and export files in WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Click on Too…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question