Prior to implementing the solution please make sure, you are using
- At least PHP 5.3 or later
- You are using only one security plugin. Multiple plugins can prevent each other from editing .htaccess files. Disable other security plugin (at least following this trick) if installed multiple security plugins.
- Verify directory permission is set to 750 (recommended) or 755 where WordPress is installed. Most time it is under the public_html.
- File permission of .htaccess should be 644.
- If you are using OpenLiteSpeed server then this server does not support .htaccess or .user.ini files. You need to have set them manually.
If you fulfilled above rules, then follow below instruction.
- Login into WordPress admin Panel
- Navigate to Setting ➔ Permalinks
- Now come to cPanel ➔ File Manager or FTP, where WordPress is installed.
- Backup .htaccess file & delete it. This file is located where wp-config.php is.
- Come to WordPress Admin Panel & click on the Save Changes button (assuming you are still on Permalinks page as suggestedin step No 2)
- Navigate to WordPress admin panel ➔ Wordfence. You will see notification like below.
To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall:
- Press the next button one after one (total 4 buttons)
- Click here to configure
- Download .htaccess
- Download .user.ini