• Resolved marcofiorentino77

    (@marcofiorentino77)


    Hello,
    I uninstalled the plugin, but I noticed that the .htaccess file wasn’t modified. Why is that? Can it be removed manually?

    BEGIN Kadence Security – Do not modify or remove this line Kadence Security Config Details: 2

    # Ban Hosts - Security > Settings > Banned Users
    SetEnvIF REMOTE_ADDR "^93\.44\.46\.116$" DenyAccess
    SetEnvIF X-FORWARDED-FOR "^93\.44\.46\.116$" DenyAccess
    SetEnvIF X-CLUSTER-CLIENT-IP "^93\.44\.46\.116$" DenyAccess
    
    SetEnvIF REMOTE_ADDR "^212\.107\.27\.78$" DenyAccess
    SetEnvIF X-FORWARDED-FOR "^212\.107\.27\.78$" DenyAccess
    SetEnvIF X-CLUSTER-CLIENT-IP "^212\.107\.27\.78$" DenyAccess
    
    SetEnvIF REMOTE_ADDR "^93\.42\.70\.187$" DenyAccess
    SetEnvIF X-FORWARDED-FOR "^93\.42\.70\.187$" DenyAccess
    SetEnvIF X-CLUSTER-CLIENT-IP "^93\.42\.70\.187$" DenyAccess
    
    <IfModule mod_authz_core.c>
        <RequireAll>
            Require all granted
            Require not env DenyAccess
            Require not ip 93.44.46.116
            Require not ip 212.107.27.78
            Require not ip 93.42.70.187
        </RequireAll>
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
        Deny from env=DenyAccess
        Deny from 93.44.46.116
        Deny from 212.107.27.78
        Deny from 93.42.70.187
    </IfModule>
    
    # Protect System Files - Security > Settings > System Tweaks > System Files
    <files .htaccess>
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Deny from all
        </IfModule>
    </files>
    <files readme.html>
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Deny from all
        </IfModule>
    </files>
    <files readme.txt>
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Deny from all
        </IfModule>
    </files>
    <files wp-config.php>
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Deny from all
        </IfModule>
    </files>
    
    # Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
    Options -Indexes
    
    <IfModule mod_rewrite.c>
        RewriteEngine On
    
        # Protect System Files - Security > Settings > System Tweaks > System Files
        RewriteRule ^wp-admin/install\.php$ - [F]
        RewriteRule ^wp-admin/includes/ - [F]
        RewriteRule !^wp-includes/ - [S=3]
        RewriteRule ^wp-includes/[^/]+\.php$ - [F]
        RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
        RewriteRule ^wp-includes/theme-compat/ - [F]
        RewriteRule (^|.*/)\.(git|svn) - [F]
    
        # Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads
        RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
    
        # Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in Plugins
        RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
    
        # Disable PHP in Themes - Security > Settings > System Tweaks > PHP in Themes
        RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
    </IfModule>
    
    # Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPC
    <files xmlrpc.php>
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Deny from all
        </IfModule>
    </files>

    END Kadence Security – Do not modify or remove this line

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @marcofiorentino77,

    Thanks for posting the details and for including the .htaccess snippet!

    When Kadence Security is removed the usual way (Plugins → Deactivate, then Delete), the plugin is designed to remove everything between these two lines:

    # BEGIN Kadence Security – Do not modify or remove this line
    # END Kadence Security – Do not modify or remove this line

    If that block is still there after uninstall, it usually means one of these happened:

    • The plugin folder was removed manually (FTP/cPanel/host tools) instead of using Deactivate → Delete in WordPress.
    • Write to Files was turned off under Security → Settings → Advanced, so the plugin did not manage .htaccess automatically.
    • .htaccess was not writable when you deactivated or deleted the plugin.

    To your question directly: yes, you can remove that block manually now that the plugin is gone.

    Before you edit anything, make sure to make a backup copy of the .htaccess file.

    Then, delete the entire Kadence Security section, from the BEGIN Kadence Security line through the matching END Kadence Security line (include both marker lines in what you remove).

    Leave any standard WordPress permalink rules in place, for example:

    # BEGIN WordPress

    ...

    # END WordPress

    After saving, visit Settings → Permalinks and click Save Changes (you do not need to change any settings) to refresh WordPress rewrite rules if needed.

    Lastly, load your site and confirm pages and the admin area work normally.

    If anything breaks after editing .htaccess, restore your backup file and let us know what error you see.

    Hope that helps!

    • This reply was modified 2 days, 7 hours ago by chandelierrr.
Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.