Support for ".htaccess" files is not enabled or is not operating correctly.

Does ZenCart 1.5.7 come with an .htaccess file because I don't see one in the unzipped file directory? My host (hostmonster) technical support says I need to add the information to the .htaccess file. I don't remember ever having to do this before...

Zen Cart doesn't come with a .htaccess for the first directory, because it doesn't need one.
It has various types of .htaccess content in various subdirectories in order to protect those directories specifically.

If you need one in the public_html directory of your store for specialized reasons, just create one and put into it whatever you need.

If you're writing this post because zc_install is telling you .htaccess protections are not supported properly, then that's because zc_install tried to access files that SHOULD be protected by the supplied .htaccess files, but that access was not properly blocked. In that case you either didn't upload the .htaccess files that come in the various subdirectories (sometimes Windows hides those files or FTP programs skip them), or your hosting company's server rules aren't working to enable the .htaccess stuff.

Here is a screen shot:
Attachment 19125

Ya, you probably didn't upload the .htaccess files that exist in the various subdirectories.

There was no htaccess file in the new subdirectory folder for my new version and I had to tell my host to upgrade the PHP to 7.3 for that folder as my current running version broke with newer php. Host tech support enabled the 7.3 on the new site folder and added an .htaccess file. The php error went away but the ones in my screen shot didn't. I just deleted the .htaccess file and the 7.3 error returned. I'm lost.
Attachment 19126

Part of the problem may be the PHP level of the older version of Zen Cart.

If you are trying to run two PHP levels that are not compliant with BOTH versions of Zen Cart, it will not work if the carts are at the same level.

Your older cart probably has the .htaccess file because your cPanel set the file either through cPanel's setting the PHP, setting a 301 redirect, or both. Most cPanel-created .htaccess files are to set the PHP for that folder. Here's an example of both.

Code:

---

# Needed before any rewriting
RewriteEngine On


# Redirect HTTP with www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
# Redirect HTTP without www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect HTTPS with www to HTTPS without www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]


## 301 Redirects


# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php72” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php72 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

---

This makes sure that, no matter if http or www is used, all requests for the domain wind up at htps://YOURDOMAIN.com and sets the PHP level at 7.2 Other than providing a PHP level for the folder, this .htaccess is, as DrByte says, not required for Zen Cart.

Let's say the older version is in public_html (aka the root) and the PHP is 5.6.4. Nothing you or the host does will "allow" a higher PHP on another folder at the same level. Normally, a site is at "home/public_html". If you move your 1.5.7 folder to "home/", you can then set the 1.5.7 folder to the 7.3 and it will "take". This will allow you to finalize 1.5.7 while ensuring that your older site will be working as well.

As to the gzip... About five years ago, gzip was slacking off and hosts started using other compression methods. Gzip has turned things around, and we prefer it over the other methods. Thus, we still see a GZip setting in Configuration > GZip Compression.

You're actually with HostGator and on a wordpress server. That may or may not drive what kind of response they give you.

Not denigrating your host. One of my main concerns with the current COVID-19 response mode, is customer service. Whereas we used to have several folks at various levels BUT, all within shouting distance of each other. Phone goes to mute, "Hey Fred. You ever run into (insert first-time problem here)." If Fred can't help, Susan will probably know.

Problem is, Fred and Susan are now at their dining room table miles apart. It's more the luck of the draw with tech support than it ever was. If the person you get has never had such a problem, it's 50/50 that you will get a correct answer. All customer support is having to deal with this now.

Do you recommend me migrating away from the hostmonter/hostgator and wordpress server?

They are fine hosts. I am concerned with anyone being on a WordPress server as it is so prone to attack. Even they tout a WordPress Security Plugin.

Just making you aware of the fact you need to visit here to get the straight Zen Cart position before taking their solution.

I've always said that you could have a PhD in keyboard and not know anything about a mouse.

They are, naturally, going to be most familiar with what they run into on a daily basis. Doesn't mean they don't know their job. They just might not be completely familiar with ALL scenarios.

It's not uncommon for a host to point a finger at Zen Cart first and research their setup second.

Just the first chart on Infected Websites shows why we decided to not support WordPress, Joomla!, and Magento. Once a hacker finds their way on a server, all sites on the server are vulnerable.

It's not the host's fault in 99.9% of the cases. Most of the sites that get infected (60+%) were not current when compromised. Magento wins the award for better than 90% of infected sites being non-current at the time of breach.

If Zen Cart releases a security patch, we make sure it's on all our sites.

You'll note OsCommerce at 0.3% and Zen Cart is lower than that.

Unlike Zen Cart, I don't believe any on the list have ever been PCI certified.

Interesting article - thanks for sharing.

I'm actually surprised OpenCart isn't higher on this list.

The data is three years old so, I'm sure percentages of one or the other have changed as people get bitten by one and move to another.

One of our customers was paying thousands a year for "total" Magento care. When I showed them they were four years behind just in security patches, that relationship ended rather abruptly.

Zen Cart is the ONLY thing I know of that you get MORE than what you pay for every time.