Allowing AutoSSL installer access to a WordPress website with WP Defender plugin

The AutoSSL system will automatically check every active domain name on your hosting account and it will attempt to install a new SSL certificate for any websites that do not already have one. The system will create a temporary .txt file in the /.well-known/pki-validation/ directory of each website, the temporary file contains a special SSL validation code, the SSL validation server will attempt to connect to your website and validate the existence of the code, and if everything can be validated AutoSSL will install the new SSL certificate. The process runs every night and it can sometimes take several nights to complete. 

To check the SSL certificate installed on your website, please type your website address into https://sslanalyzer.comodoca.com/

If you have a WordPress website with WP Defender installed, this plugin will block access to the temporary .txt file required by AutoSSL, but there is a workaround.

A typical .htaccess file will contain code for WP Defender similar to this:

## WP Defender - Prevent information disclosure ##
Options -Indexes
<FilesMatch "\.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$">
Order allow,deny
Deny from all
</FilesMatch>
<Files robots.txt>
Allow from all
</Files>
## WP Defender - End ##


To allow access by AutoSSL you'll need to add 3 lines of code to the .htaccess, the lines are in bold in the example below:

SetEnvIfNoCase Request_URI "^/\.well-known/pki-validation/[A-F0-9]{32}.txt$|Comodo\ DCV" ALLOWED=TRUE
## WP Defender - Prevent information disclosure ##
Options -Indexes
<FilesMatch "\.(txt|md|exe|sh|bak|inc|pot|po|mo|log|sql)$">
Order allow,deny
allow from env=ALLOWED
Deny from all
Satisfy any
</FilesMatch>
<Files robots.txt>
Allow from all
</Files>
## WP Defender - End ##

The code above is only an example. Please keep a copy of your original .htaccess file incase you need to revert it.

Once you have amended the code, please test your website to make sure it's working as you'd expect. If everything is working correctly, AutoSSL will check your website tonight and install a new SSL certificate if necessary. Tomorrow morning you can check for an SSL certificate by typing your website address into https://sslanalyzer.comodoca.com/

The AutoSSL system will check your website(s) every night, or if you prefer not to wait, you can manually request it at any time of the day. Simply login to your cPanel control panel, go to the SSL/TLS Status page, then click the "Run AutoSSL" button. This will usually complete in 10-15 minutes.

If you encounter any issues, please open a support ticket and our team will be happy to investigate.