Jos, thank you very much your quick and kind response. I really appreciate it.
Well, at this moment I don’t have any monster htaccess like the one I told you, but here (at the end) is an example of a little one.
Personally, it happened to me more than once that the issue fails and when I open the htaccess it’s a real mess, like three hundred lines for example and a spagetti code.
I have backed up the file and reviewed it line by line through trial-and-error for hours, eliminating several (or even all) lines, replacing the file with a new one similar to the one you already mentioned to me, or by completely eliminating the file, deleting tables, combining with the option "define ( ‘ITSEC_DISABLE_MODULES’, true); ", etc… but I have never had a good result. Basically I’ve always done it when a theme crashes or maybe a kind of bug comes up making me losing access to wp-admin, which definitely hasn’t ever helped.
at this moment I don’t have this problem, but when I found mainwp I discovered a new world of management (you know what I mean), and something I noticed was the wordfence integration. then, by reviewing the word fence plugin and the amount of installations it has (4 millions vs 1 million of ithemes) I realize that it will be much better to use wordfence. Now I am worried about leaving ithemes garbage somewhere that complicate wordfence installation.
however I am going to encourage myself to do a testing version this weekend to install and uninstall ithemes in order to install wordfence after that. If I see something doubtful, I will ask you again.
In a few words, and why other people wonder which of those 2 plugins is better (and based on my experience of course), the problem of ithemes security pro is that it applies too many large and complex rules sometimes, so when the administrator wants to change some configuration the plugin crashes and the system access is blocked, as if applying many rules caused conflicts whit other rules of the same plugin, resulting in an unwanted security system that turns against the administrator.
Thanks in advance.
BEGIN iThemes Security - Do not modify or remove this line
iThemes Security Config Details: 2
# Pass through Authorization header.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</IfModule>
# Ban Hosts - Security > Settings > Banned Users
SetEnvIF REMOTE_ADDR "^5\.188\.62\.140$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^5\.188\.62\.140$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^5\.188\.62\.140$" DenyAccess
SetEnvIF REMOTE_ADDR "^185\.244\.214\.42$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^185\.244\.214\.42$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^185\.244\.214\.42$" DenyAccess
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env DenyAccess
Require not ip 5.188.62.140
Require not ip 185.244.214.42
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
Deny from env=DenyAccess
Deny from 5.188.62.140
Deny from 185.244.214.42
</IfModule>
END iThemes Security - Do not modify or remove this line
BEGIN WordPress
Las directivas (líneas) entre «BEGIN WordPress» y «END WordPress» son
generadas dinámicamente y solo deberían ser modificadas mediante filtros de WordPress.
Cualquier cambio en las directivas que hay entre esos marcadores serán sobrescritas.
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
END WordPress