How to stop printing a source code from twig files in the browser - timber

I use Timber for WordPress.
Currently I'm able to see all my source code from twig files in the browser.
Example:
localhost:8000/wp-content/themes/name-of-theme/views/base.twig
When hitting this URL I can see the code from the base.twig file.
How to stop rendering twig files in the browser or redirect them from /views/*.twig completely? Is it possible with Timber, or does it need special configuration with .htaccess globally? I would like to configure it inside my theme - which folders and files can be viewed by the browser. I think it's not secure because anyone can see the logic from my twig files if they have its name.

In your .htaccess file add the following
<Files *.twig>
order allow,deny
deny from all
</Files>
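An added example, not part of the answer above: the same rule written so that it works on both Apache 2.4 and 2.2, placed in an .htaccess file inside the theme as the question asks. The theme path comes from the question; putting the file at the theme root and the IfModule split are assumptions of this example.

```apache
# wp-content/themes/name-of-theme/.htaccess
# Path taken from the question; the file location is an assumption.
# Timber reads .twig templates from disk through PHP, so refusing
# HTTP requests for them does not affect rendering.

# Apache 2.4+: mod_authz_core replaces Order/Allow/Deny.
<IfModule mod_authz_core.c>
    <FilesMatch "\.twig$">
        Require all denied
    </FilesMatch>
</IfModule>

# Apache 2.2 (no mod_authz_core): same rule in the older syntax.
<IfModule !mod_authz_core.c>
    <FilesMatch "\.twig$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</IfModule>
```

The rule only takes effect where AllowOverride lets .htaccess set access control (AuthConfig for Require, Limit for Order/Deny). Once it is active, a request for views/base.twig should return 403 instead of the template source.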

Related

How to block access to file directory via browser?

I use VPS hosting and Debian, then I installed WordPress. I upload file in one specific file and unfortunately it is accessible via browser:
qartulad.online/wp-content/movies/2018/
People can access every file in this directory. But people cannot access the other WordPress directory:
qartulad.online/wp-content/
How can I block access to my specific directory too?
How is the access on this domain blocked?
ftp01.srulad.net/hd3/cfb32710293800d2c041409ae665c998/
You have multiple ways to do this.
You can do it on the server level via the httpd.conf or .htaccess. (httpd is the best spot to do it)
In the httpd.conf
Look for Options Indexes FollowSymLinks
Change it to Options FollowSymLinks
In the .htaccess add before the WordPress block.
Options -Indexes
There are also plugins that will do it. iTheme Security has more or less a one click that does a lot of the basic security like directory surfing etc.

Prevent download media pdf files in wordpress

I have many PDF files in WordPress media. I want to stop downloading of these PDF files. I want only to display the PDF file but not download it. How can I achieve this through htaccess? Can anyone please help me?
Possible duplicate to Blocking Pdf Files From Direct Access Using .htaccess
Try using
Order Allow,Deny
Allow from all
<Files ~ "\.(gif|jpg|png|pdf)$">
Deny from all
</Files>

Upload PHP folder to FTP without Wordpress overriding routes

How can I upload a folder like a regular site and place it within a Wordpress folder but not have wordpress override the URLs for that particular folder.
Thanks
Your question is not really how you can do this, but why do it?
WordPress is overriding your URLs because of its own permalinks and rewrite rules in the .htaccess that handles the folder Wordpress is installed in and all subdirectories. Read https://codex.wordpress.org/htaccess
In order to place a "regular" site within a WordPress folder, you're going to have to work out some complex regex expressions https://stackoverflow.com/questions/tagged/regex and integrate them into Wordpress's own rewrite rules so both sites work. And then, when you change WordPress's own permalinks from admin and WordPress writes changes to .htaccess https://stackoverflow.com/questions/tagged/.htaccess, your own custom rules won't function anymore.
Directories below a directory with an .htaccess file will inherit those rewrite directives, so you can "negate" rewrite rules by putting a blank .htaccess file - or one with your own rules in it - in that folder. And this directory inheriting method is further controlled by server directives, if you have access to Apache httpd; which you won't, unless you're running your own server.
Again, why make things so complex? If you're going to use WordPress, integrate your content and site into WordPress. It is straightforward to integrate your own PHP and MySQL data into a WordPress site through the use of page templates. If you want a plain PHP/MySQL site in the same hosting area as WordPress, keep it separate.

How to set default index to launch first.html but allow root / to still work?

I have to set a temporary html splash page, but ensure all links remain the same.
Hence the root / still launches the WordPress home page but the first page shown when users hit the site will be first.html
Can anyone provide ways of doing this via htaccess or any other way?
The site is running in an Apache environment with CPanel.
You can use this in your .htaccess to set the default index page
DirectoryIndex first.html
But then how are you going to get to your wordpress site after that shows? You'd have to use some type of Javascript redirect or meta refresh and modify your .htaccess rules. If I was going to do something like this, I'd use a plugin that is designed to have a splash screen and then show the site. There seems to be several usable ones.
https://wordpress.org/plugins/search.php?q=splash
I finally figured it out, so in case this helps anyone else...
I added this to my .htaccess file:
DirectoryIndex first.html index.html index.php
Then in my functions.php file I added the line:
remove_filter('template_redirect', 'redirect_canonical');
The above line allows the Wordpress front page to run from /index.php
If this line is missing then the index.php page keeps redirecting back to / and displaying first.html
Now the home page and site can stay where it was without modifying any configuration settings and the permalinks can remain unchanged.
When we no longer want the first.html to display, we remove the line in the htaccess and the filter call.

Wordpress permalinks broken

I have recently moved my blog from one server to another. I am now unable to restore my permalink structure.
Now my permalink structure has become /?p=123. Whenever I try to change it to any other custom permalink structure, it throws 404 for all the posts. Check the blog at http://microreviews.org
I have been forced to make the permalink structure as /?p=123. All the entries from search engines are however on the old structure /%postname%/
None of the plugins for the same seem to work and I am stuck with the ?p=123 structure.
What should I do?
Assuming you're on Apache server:
You don't have the .htaccess file on the new server, or
the new server doesn't have mod_rewrite turned on, or
the new server ignores the .htaccess files, or
any combination of the above :)
The other option, instead of using .htaccess (although WordPress is built around modifying that file), is to take the contents of the .htaccess file and add them to a directive in your httpd.conf (or virtual host config file). This approach requires more access to your Apache installation (i.e. it might not work with some hosting solutions), but according to the Apache httpd documentation it's more secure and less work on the server, since Apache will scan every directory for .htaccess files each time a page is accessed and it will re-load the .htaccess file(s) every time the page is accessed as well. If the access is put into the server config then it is loaded once at Apache start-up (or on a server reload) and that's it.
For example:
If your .htaccess file contained the following for the /www/htdocs/example directory
AddType text/example .exm
Then the following in your httpd.conf file would be equivalent
<Directory /www/htdocs/example>
AddType text/example .exm
</Directory>
The approach of editing your main configuration instead of .htaccess does not require that you specify AllowOverride to something other than None.
In this case, you'll still need mod_rewrite enabled for permalinks to work correctly.
