Cannot login to WordPress site after changing .htaccess for security purposes

amtik is correct in looking at the code that needs to be addressed.

Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

That code was originally only designed to be used in wp-includes and wp-content not in the root of your WordPress install, but even then it will still break themes and plugins. Plus it would be better written like so:

Order Allow,Deny
<FilesMatch "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</FilesMatch>

But it would need to go in an .htaccess file in your wp-includes and wp-content directories. I would suggest you just remove it completely and see if your site works. Then create new .htaccess files with the above content for your wp-includes and wp-content directories and see if anything breaks. There’s a good likelihood that something will break it just depends if the user’s browser needs something from those directories.

Related Posts:

  1. Improve wordpress security by hiding non public resources
  2. htaccess rewrite conflict with wordpress rules and ssl
  3. adding rewrite rules in .htaccess
  4. Plugin to edit htaccess file
  5. Serve apache 404 for missing assets rather then wp 404 template WP_Rewrites
  6. Remove year and month in URL using .htaccess
  7. Permalinks not working on second wordpress installed in a subdirect
  8. Unable to access WP admin
  9. Move wordpress to folder without changing urls
  10. Change wp-content without changing the name of the folder
  11. Using WordPress only for the backend, and using AngularJS as a frontend
  12. How to restrict access to wp-content, wp-includes and all sub-folders
  13. Two domains on one WordPress Installation
  14. Protect Upload Folder Files With Ampersand Problem
  15. Is it possible to dynamically redirect URL using htaccess?
  16. Which WordPress scripts need to be executable for a fresh installation?
  17. .htaccess and WordPress Admin Bar
  18. Keep getting 401 error from WordPress on AWS Lightsail
  19. Blocking access to wp-login via htaccess not working
  20. Setup Permanent 301 Redirects after moving to Https [closed]
  21. Force www to non-www on a subdomain in WordPress?
  22. How to Redirect huge numbers of URLs to another URLs?
  23. WP site URL changed to have HTTPS but still homepage does not redirect
  24. Struggling with add_rewrite_rule
  25. Giving WordPress its own subdirectory – nginx
  26. Cannot mask WordPress page URL using .htaccess
  27. need a help for modify .htaccess rule [closed]
  28. How can I make an htaccess file on a Mac? [closed]
  29. Restricting user login by IP address
  30. .htaccess ‘down for maitenance’ and WordPress
  31. WordPress overrides custom 404 page with it’s own
  32. Which is better: 301 Redirect in my .htaccess file or a plugin like Redirection?
  33. New installation can’t be found due to htaccess of the original non-WordPress site
  34. Fixing custom 404 pages broken by WordPress in a subdirectory
  35. Case insensitive header params for API request
  36. 301 Redirect domain Sub-folders to Subdomain subfolder
  37. Drawbacks to using Options -Indexes
  38. Override 404 page with htaccess
  39. Htaccess Rewrite reverts to default .htaccess file
  40. what could cause the htaccess file to be modified?
  41. change permalink structure with htaccess without SEO impact
  42. Site in subfolder – all pages work except home
  43. Can’t upload .htaccess after editing in notepad
  44. Directing subdomain to main domain and keeping the subdomain format with .htaccess
  45. Remove /sites/25/ from image URLS
  46. WordPress – Promoting A Dev Build In A Subdirectory To Production / Root Directory
  47. How disable canonical redirect wp-signup
  48. .htaccess RewriteRule always overwritten – how to prevent?
  49. What might be removing my redirects from my htaccess?
  50. Forcing HTTPS with WordPress on AWS
  51. WordPress Example Code for Blocking Referrer Spam
  52. How could a .htaccess with authentication suddenly appear or change?
  53. Local PC cache stays filled with old WordPress Site data
  54. Password protect directory but not files
  55. How to have a custom URI path for specific page template
  56. WordPress JSON API restrict to specific domain
  57. Where to put W3 Total Cache rewrite rules in .htaccess? [closed]
  58. fix 302 redirection error on https
  59. main-domain of wordpress keep redirecting to subdomain
  60. How to deny access to a particular wordpress site url
  61. How do i allow access to a single file in my root directory? [closed]
  62. Rewrite URL in address bar for a specific page [closed]
  63. Home links redirects to old site
  64. Selectively Disabling PHP via .htaccess in Root Directory
  65. What’s the best way to manage a lot of 301 redirects in WordPress?
  66. Shared hosting, multiple sites, can’t log in to WP due to .htaccess redirection
  67. What causes 404 errors that forces you to rebuild a .htaccess file?
  68. Configure .htaccess to have a WordPress single site installation with all subdomains pointing to the same pages?
  69. How to set up MS Exchange Autodiscover alongside WordPress
  70. Rewriting subfolders to specific parent folder in WordPress
  71. Azure WordPress deny access to xmlrpc
  72. Xampp is not loading media
  73. PHP application in sub directory keeps redirecting to main site
  74. domain redirection is not working from old to new
  75. Deny,Allow on .htaccess isn’t working
  76. execute cron jobs when .htaccess login protected?
  77. Redirect WordPress site to a landing (construction) page using htaccess, with access to /wp-admin and /invoice
  78. Using htaccess to prevent spam through wp-comments-post.php
  79. Install second wordpress in root subfolder, Error 404
  80. change URIs of migrated site
  81. Remove subdirectory from links
  82. modifying htaccess for localhost with a custom port
  83. htaccess- to hide subdirectory slug only from the post
  84. .htaccess redirects for posts in new directory and new domain
  85. Steps for WordPress over SSL
  86. Fixing Access-Control-Allow-Origin (CORS origin) for multiple subdomains
  87. domain.in/wp-admin give the result to 403 Access to this resource on the server is denied!
  88. insert_with_markers() WordPress & htaccess help
  89. Restrict Content for only Contributors via .htaccess
  90. Redirect from domain.com to subdomain.domain.com
  91. MAMP.app & .htaccess – Can’t override after config
  92. register_post_type and register taxonomy and htaccess
  93. Why ‘Authorization Required’ is coming on wordpress login
  94. Restricting direct downloads of wp content files, but allow them on the website.
  95. Forward blog requests to another URL
  96. .htaccess rewrite rule stopped working for wordpress site after moving server
  97. WordPress Media Library rendering blank image tiles
  98. Subfolder install not working
  99. Redirect loops in Bing holding my sites back
  100. Permalinks not working on debian with OVH