WP Htaccess file killed my business??

[gymgangsta]

In June of 2013, I installed a new htaccess file that would lock things down a bit and still allow google through. 2 months later traffic dropped significantly and I have never recovered. Well two years later my income is down 80%. Sure it could be other things, backlinks etc, thin content, privacy etc.

I'm working hard now trying to fight back. I was just wondering if I may post my htaccess file and one of you talented gurus could spot something harmful (some sort of deny command). I would be most grateful for any insight. Thanks so much.

For wordpress 4.3, php 5.4+

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# PROTECT WPCONFIG
<files wp-config.php>
order allow,deny
deny from all
</files>

# Enable Leverage Browser Caching
<IfModule mod_rewrite.c>
ExpiresActive On

# Favicon (cannot be renamed)
  ExpiresByType image/x-icon              "access plus 1 week"

# Media: images, video, audio
  ExpiresByType audio/ogg                 "access plus 1 month"
  ExpiresByType image/gif                 "access plus 1 month"
  ExpiresByType image/jpeg                "access plus 1 month"
  ExpiresByType image/png                 "access plus 1 month"
  ExpiresByType video/mp4                 "access plus 1 month"
  ExpiresByType video/ogg                 "access plus 1 month"
  ExpiresByType video/webm                "access plus 1 month"

# CSS and JavaScript
  ExpiresByType application/x-javascript    "access plus 1 week"
  ExpiresByType text/css                  "access plus 1 week"
  ExpiresByType text/javascript          "access plus 1 week"

# Webfonts
  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
  ExpiresByType application/x-font-ttf    "access plus 1 month"
  ExpiresByType application/x-font-woff   "access plus 1 month"
  ExpiresByType font/opentype             "access plus 1 month"
  ExpiresByType image/svg+xml             "access plus 1 month"

</IfModule>
# End Leverage Browser Caching

# TYPES FIX
AddType text/css .css
AddType text/javascript .js

# Enable GZIP Compression
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml text/javascript application/x-javascript application/x-httpd-php
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip
Header append Vary User-Agent env=!dont-vary
# End GZIP Compression

# DISABLE DIRECTORY BROWSING
Options All -Indexes

# PROTECT HTACCESS
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

# DISABLE SITEMAP INDEXING BY GOOGLE AND OTHERS
<IfModule mod_rewrite.c>
  <Files ~ "^(post-sitemap.xml|category-sitemap.xml|sitemap_index.xml)\.xml$">
   Header set X-Robots-Tag "noindex"
  </Files>
 </IfModule>

# FORBID COMMENT SPAMMERS ACCESS TO YOUR wp-comments-post.php FILE
# This is a better approach to blocking Comment Spammers so that you do not 
# accidentally block good traffic to your website. You can add additional
# Comment Spammer IP addresses on a case by case basis below.
# Searchable Database of known Comment Spammers http://www.stopforumspam.com/

# BLACKLISTED USER AGENTS
SetEnvIfNoCase User-Agent "Acunetix"          keep_out
SetEnvIfNoCase User-Agent "FHscan"             keep_out
SetEnvIfNoCase User-Agent "Baiduspider"     keep_out
SetEnvIfNoCase User-Agent "Yandex"          keep_out
<Limit GET POST PUT>
 order allow,deny
 allow from all
 deny from env=keep_out
</Limit>
# END BLACKLISTED USER AGENTS

<FilesMatch "^(wp-comments-post\.php)">
Order Allow,Deny
Deny from 46.119.35.
Deny from 46.119.45.
Deny from 91.236.74.
Deny from 93.182.147.
Deny from 93.182.187.
Deny from 94.27.72.
Deny from 94.27.75.
Deny from 94.27.76.
Deny from 193.105.210.
Deny from 195.43.128.
Deny from 198.144.105.
Deny from 199.15.234.
deny from 61.129.102.208
deny from 193.109.91.134
deny from 217.219.192.69
deny from 211.60.171.3
deny from 222.183.140.102
deny from 217.173.0.
deny from 217.173.0.200
deny from 195.225.176.87
deny from 70.86.125.242
deny from 209.68.4.105
deny from 72.21.59.66
deny from 82.104.138.50
deny from 70.230.167.254
deny from 208.111.154.
deny from 74.202.66.134
deny from voxel.net
deny from 66.117.6.90
deny from 59.60.126.12
deny from 142.54.184.181
Allow from all
</FilesMatch>

 

[PopupDevil]

Your problem is somewhere else. Here is nothing to block relevant traffic.
Maybe consider removing "# DISABLE SITEMAP INDEXING BY GOOGLE AND OTHERS" part, point of sitemap is to be found and links from it to be crawled.

 

[DewlanceVPS]

Seems your site is affected by google panda/penguin update however I suggest you to remove user agent code, wp-comment and sitemap code because of there is no any benefit of doing this.

Google love site with good sitemap and you close door for google to get sitemap of your site.

 

[kingofthewiki]

Why do you assume its your htaccess file? How did you come to that conclusion?

 

[gymgangsta]

Thanks for the responses. So you recommend removing the indexing of the sitemap? Doesn't google spider it anyways via the webmaster tools section. I have no errors. I just didn't want the .xml to be indexed in Google. Of course i want it followed. So you think that would help, by removing it.

I'm also combing through log files from back then to figure out what else happened. Google had a major update oct 4 2013 and hummingbird was also happening.... I didn't lose over night, but over two months...

This sucks.... My site is over 11 years old, and was doing great for the last few years,.. there's something else at play.

 

[PopupDevil]

Yes, remove it. There is no point to block access to sitemap file, it is shortcut for search engines to crawl links of your entire site and helps to have it, its pointless to block access to it in any way. If you really want to no-index some pages or posts for some reason, you can use <meta name="robots" content="noindex" /> for it.
Also It is hard to say what happened to your site if we don't know specific details, for example what you did (or did not) with backlinks, content quality, on-site seo, product popularity or relevance, etc. If you tried to mess with bad quality "link packages" and similar "seo" crap, age of domain does not help.

 

[ToddW]

June 2013 you say...
.HTACCESS you say...

I don't think the date is a coincidence