Solved

403 error at http://www.pigsforpeace.org/

Posted on 2014-11-29
10
249 Views
Last Modified: 2014-11-29
WordPress 4.0.1

Friends,

Good morning; I hope your Thanksgiving holiday (if you celebrate) was relaxing.

I'm frustrated by a problem with one of my WordPress sites -- http://www.pigsforpeace.org/.

Short version:
* Right now I get a 403 error when I try to access the site. Obviously I cannot log in to WordPress dashboard anymore.

* The technician at the ISP, viviotech, says he does not see any permission errors in the httpd.conf file.

* I checked my .hthaccess file but that looks OK too; there are some statements in .htaccess from the iThemes security plugin, but that is all. I give the .htaccess file, below.

Details:
* I am trying to transfer the web site at http://test.ebwebwork.com to http://www.pigsforpeace.org/.

* My plan is to use PHPMyAdmin to export the test database, replace test.ebwebwork.com with www.pigsforpeace.org, and import the revised database

* I have not done that yet -- because php.ini does not allow me to upload a large file; I am working on this separately

* Anyway, sometime around yesterday, I suddenly started getting  a 403 at http://www.pigsforpeace.org/

* Previously I was at least able to view the http://www.pigsforpeace.org/ site and log in to WP dashboard.

Do you have any thoughts about what is going on with the 403?

Thank you for your time and help, and for patiently reading this long question. =)

Peace.

Eric
0
Comment
Question by:Eric Bourland
  • 6
  • 4
10 Comments
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 40471738
You haven't given your htaccess code - it's probably the likely culprit
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471744
I apologize. Here is .htaccess:

# BEGIN iThemes Security
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^177\.180\.149\.25$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^177\.180\.149\.25$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^177\.180\.149\.25$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 177.180.149.25
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^69\.250\.144\.41$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 69.250.144.41
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^69\.250\.144\.41$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^69\.250\.144\.41$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 69.250.144.41
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^208\.77\.208\.186$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^208\.77\.208\.186$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 208.77.208.186
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^91\.230\.12\.59$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^91\.230\.12\.59$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^91\.230\.12\.59$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 91.230.12.59
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^73\.3\.251\.224$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^73\.3\.251\.224$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^73\.3\.251\.224$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 73.3.251.224
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^162\.129\.251\.20$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^162\.129\.251\.20$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^162\.129\.251\.20$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 162.129.251.20
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
#Quick ban IP. Will be updated on next formal rules save.
SetEnvIF REMOTE_ADDR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^41\.186\.31\.229$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^41\.186\.31\.229$" DenyAccess
order allow,deny
deny from env=DenyAccess
deny from 41.186.31.229
allow from all
	# BEGIN Ban Users
		# Begin HackRepair.com Blacklist
		RewriteEngine on
		RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bolt\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot\@yahoo\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^BOT\ for\ JCE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^checkprivacy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^clshttp [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Default\ Browser\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^extract [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FHscan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^g00g1e [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^grab [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^harvest [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^InternetSeer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kanagawa [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^microsoft\.url [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^miner [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*Indy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*NEWT [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Rippers\ 0 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sitecheck\.internetseer\.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Toata\ dragostea\ mea\ pentru\ diavola [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WPScan [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Yandex [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} AhrefsBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} CazoodleBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} discobot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ecxi [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} GT::WWW [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} heritrix [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTP::Lite [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} id-search\.org [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IDBot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} IRLbot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ISC\ Systems\ iRc\ Search\ 2\.1 [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} lwp-trivial [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MFC_Tear_Sample [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Microsoft\ URL\ Control [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Missigua\ Locator [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} MJ12bot [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} panscient.com [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PECL::HTTP [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PHPCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} PleaseCrawl [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} SBIder [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Snoopy [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Steeler [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} URI::Fetch [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} urllib [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Web\ Sucker [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} webalta [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WebCollage [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} Wells\ Search\ II [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} WEP\ Search [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} zermelo [NC,OR]
		RewriteCond %{HTTP_USER_AGENT} ZyBorg [NC]
		RewriteRule ^.* - [F,L]
		# End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair
		
	# END Ban Users
	# BEGIN Hide Backend
			# Rules to hide the dashboard
			RewriteRule ^/pfplogin/?$ /wp-login.php [QSA,L]
		
	# END Hide Backend
	# BEGIN Tweaks
		# Rules to block access to WordPress specific files
		<files .htaccess>
			Order allow,deny
			Deny from all
		</files>
		<files readme.html>
			Order allow,deny
			Deny from all
		</files>
		<files readme.txt>
			Order allow,deny
			Deny from all
		</files>
		<files install.php>
			Order allow,deny
			Deny from all
		</files>
		<files wp-config.php>
			Order allow,deny
			Deny from all
		</files>
		
		# Rules to disable XML-RPC
		<files xmlrpc.php>
			Order allow,deny
			Deny from all
		</files>
		
		# Rules to disable directory browsing
		Options -Indexes
		
		<IfModule mod_rewrite.c>
			RewriteEngine On
		
			# Rules to protect wp-includes
			RewriteRule ^wp-admin/includes/ - [F]
			RewriteRule !^wp-includes/ - [S=3]
			RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
			RewriteRule ^wp-includes/[^/]+\.php$ - [F]
			RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
			RewriteRule ^wp-includes/theme-compat/ - [F]
		
			# Rules to prevent php execution in uploads
			RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
		
			# Rules to block unneeded HTTP methods
			RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block suspicious URIs
			RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
			RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
			RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
			RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
			RewriteCond %{QUERY_STRING} http\:  [NC,OR]
			RewriteCond %{QUERY_STRING} https\:  [NC,OR]
			RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
			RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
			RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
			RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
			RewriteCond %{QUERY_STRING} !^loggedout=true
			RewriteCond %{QUERY_STRING} !^action=jetpack-sso
			RewriteCond %{QUERY_STRING} !^action=rp
			RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
			RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
			RewriteRule ^(.*)$ - [F]
		
			# Rules to block foreign characters in URLs
			RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
			RewriteRule ^(.*)$ - [F]
		
			# Rules to help reduce spam
			RewriteCond %{REQUEST_METHOD} POST
			RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
			RewriteCond %{HTTP_REFERER} !^(.*)ebwebwork.com.* 
			RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
			RewriteCond %{HTTP_USER_AGENT} ^$
			RewriteRule ^(.*)$ - [F]
		</IfModule>
	# END Tweaks
# END iThemes Security
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^pfplogin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Open in new window

0
 
LVL 58

Expert Comment

by:Gary
ID: 40471749
Are you sure your IP is not in the long list of banned IP's
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471753
Pretty sure. The server IP is: 162.208.0.170

... which is not in .htaccess.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471755
I guess I could take out all of the banned IPs.

Or I could take out all of the references to iThemes Security. Do you think I should try that next?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40471762
You can try - that seems the obvious reason for being banned from the server.
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471766
Dear Gary,

I thought so too -- so I pared .htaccess down to just:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^pfplogin/?$ /wp-login.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

But I still get the 403 error.

I think at this point I am going to ask the ISP to delete and reinstall the web site as a new wordpress site. Then I will copy over the files and import the database and we will see if that works.

Thank you again for your help.

Eric
0
 
LVL 58

Expert Comment

by:Gary
ID: 40471771
Then it most likely is a folder/file permission
0
 
LVL 3

Author Comment

by:Eric Bourland
ID: 40471774
I agree.
0
 
LVL 3

Author Closing Comment

by:Eric Bourland
ID: 40471807
Dear Gary,

It looks like it was .htaccess after all. For some reason the pared-down version of .htaccess that I uploaded ... did not get uploaded or recognized. I uploaded it again and was able to access the web site.

Now, I have other problems -- missing content, broken CSS, and so on -- but at least I can access the web site. Thanks very much for your help.

Eric
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Do you think that WordPress is just for blogs?  Think again!  WordPress is really a fantastic all around platform that you can use to develop websites on.  Integrated into its basic functionality is the ability to create pages using your choice of a…
So you have coded your own WordPress plugin and now you want to allow users to upload images to a folder in the plugin folder rather than the default media location? Follow along and this article will show you how to do just that!
The purpose of this video is to demonstrate how to create a Printer Friendly PDF on a WordPress Page. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome Screenshot” Google Chrome Extension, and SmallPDF.com Log…
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question