You're welcome. I'm glad that you get value from these videos. Thanks for watching!

You're welcome Tina, thanks for watching! Let me know if you have any questions :)

Each directory on your site can have its own htaccess file. The one I'm editing and working with in all my tutorials so far is in the root. You can simply create a new one in the root and add code to it. You probably shouldn't move the one you found because it may have rules in it for the directory it's in. I hope that helps and thanks for watching! Let me know if you have any further information please :)

Watching all your security .htaccess videos as this is any first time on WP and it's scary reading all the hacking and website break comments. Plus I also read that the website can break when a plugin updates. Not a very stable platform?

It's quite stable and secure. The trouble is that WordPress is the most used CMS on the internet, so it's a large target for hackers. The other trouble is that anyone can create a plugin or theme for WordPress. They may not be the best coders and their plugins can break sites. Usually, if you uninstall the plugin at fault the site is fixed. There are also plugin conflicts sometimes, even among well-coded plugins. If you go with a more structure platform like Wix or SquareSpace you'll have less of these issues, but also way less freedom to do what you want with your site. It's a trade-off.

@@wplearninglab Thanks for the reply. So why doesn't WP vett every plugin before it goes live to protect its users like all the app stores. Otherwise any TDH can create a malicious plugin and mess everyone up. Isn't there a plugin approval process before it goes live? Or perhaps a third party service that validates the plugin for compatability? Plus I am sure WP has Minimum requirements and standards that must be met for plugin developers? I have used SS extensively and it's pretty awesome but has limited functionality. Certainly not for creating a career board.

You’re welcome Andrew, thanks for watching!

+Jacopo Sergio Cardia I can try, which PHP file do you need help with?

Hi Olivier, I haven't encountered that issue before. You could redirecting the non-www version of your site to the www version. Which is what you want to do anyway. It's not good for SEO to have your site loading for both www and non-www. Here's a tutorial that will help with the redirect: kzbin.info/www/bejne/aHrWnoiam7ycpas It's a band-aid for the problem, but after doing this you may never encounter that problem again.

Thanks for taking the time and reply. The site is already rediredcting but there is an error that is causing this and after hours and hours of troubleshooting I found that this error was caused by a plugin (swift performance). After disabling it and removing the code it left behind everything went back to normal and the site works now fine. I have the exact same setup with same theme and plugins on a different host and everything works fine. I have also tried the plugin on a differet site and same host and it works so the host doesn't seem to be the issue. Seems there is a conflict or maybe php problem or something, but I can't find it.... I know this is advaced but do you maybe have any advice ?

+d Kard Did this happen after you made some changes? If so, undo the changes and it should come back immediately.

I just got rid of it and installed the ithemes security plugin.

+d Kard Good work and good choice, the iThemes security plugin is great.

Thx

If you copy and paste from the video without changing (left pointy bracket) and (left pointy bracket) to < and >, then that is the cause. I would paste into Notepad then into your .htaccess file to see if you have additional characters.

Thanks for the sub! Much appreciated! There's a lot we don't know about website security until we know it :)

Tue Lindblad (Onlinebijobber) Could you share your URL so that I can take a look? Are you seeing the hacker accessing that file through your server logs?

Yes, through the server log. The site is onlinebijobber.dk Thank you

Tue Lindblad (Onlinebijobber) Hi Tue. I was born not far south of Danmark (10 minutes from Dusseldorf, Germany). You're website and videos look great, good work! I'll take a serious look at your XMLRPC issue soon. It's Canada Day here, so we're in full celebration mode for the rest of the week.

Awesome. Thank good i found you on KZbin :) - Tue

Yep, that's another way to do it. Some people prefer to use as few plugins as possible. This is an option for them.

yeah i want to know also where is that option to disable it? thanks

+dino seiko Hey Dino, you probably didn't replace parts you needed before you saved the htaccess. Unfortunately, KZbin doesn't allow the pointy brackets (Shift period and Shift comma) in the descriptions. But they do allow then in the comments oddly enough. The code below should work: # BEGIN Disable XML-RPC.PHP Order Deny,Allow Deny from all # END Disable XML-RPC.PHP

ok thanks i will try again !

+dino seiko You're welcome, let me know how it goes!

Keep in mind, deleting a core wordpress file is never a good idea, as certain other core files might include the file internally (though it's probably not used, but just included), which then leads to errors or even a complete shutdown of the website. Also, each time you update WordPress, the file will be restored.

workwithksmusselman No problem. Glad you liked it!

Yeah, they're pretty active. If they're attacking your login page you can try moving it using this method: kzbin.info/www/bejne/pmjUqYamqb-cnJI I hope that helps and thanks for watching!

@@wplearninglab Thanks, I'll look at it.

Sounds good, let me know if it helps. Here are two other tutorials that may help depending on what the boys are doing. 1. Blocking bad bot traffic: kzbin.info/www/bejne/Znykq3p6fdZgZ68 2. Hiding WP footprint: kzbin.info/www/bejne/hnvWpXSLaJmGorM

@@wplearninglab I'll look at both of those too, thank you!

No problem Michael, let me know how it goes!