Symptoms:
– installation does not progress past the first step, and seems to be in an endless loop.
– cannot create new blocks, either clicking New Code Block button returns Forbidden 404 error OR if you do get the Create New Code Block popup, clicking CREATE does not do anything.
– Various functions do not do anything.
Cause:
AJAX calls are getting blocked by .htaccess rules created by the BulletProof Security plugin
The FIX:
– go into the BulletProof Security dashboard by clicking BPS Security
– go to the Custom Code tag
– scroll to the last text-box at the bottom with the title that says:
‘CUSTOM CODE WPADMIN PLUGIN FIXES: Add ONLY WPADMIN personal plugin fixes code here’
– paste this bypass script inside the text-box:

RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
RewriteRule . - [S=2]

– save this script by clicking the ‘Save wp-admin Custom Code’ button
– click the ‘Security Modes’ tab
– rebuild the .htaccess files by clicking the blue buttons that says: ‘Create secure.htaccess File’
– Look under the title ‘Activate Security Modes’ where it says:
‘Activate Website wp-admin Folder .htaccess Security Mode’
and click the radio button ‘BulletProof Mode’ and then click the blue ‘Activate’ button
– you should now be able to refresh the CJT setup or dashboard page