I have a WordPress site hosted on MediaTemple. I don't know anything about .htaccess editing, so I copied and pasted from online sources (MT and others). I added the following lines to my .htaccess file to prevent hotlinking:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)mydomain.com/.*$ [NC]
RewriteRule \.(png|jpg)$ http://example.com/example.png [F]
The problem is of all the png and jpg image files I have on my site, one of them isn't showing up on my iPad or iPhone. All image files are located in the same directory.
At first, none of images on my home page weren't showing up. I did some Googling and found other ways to construct the last line, so I've tried changing [F] to [NC,F,L] and [NC,R,L] as well. I got 2 of the 3 images to show up. At one point, some of the images didn't even show up in my media library when logging into wp-admin on my desktop. Everything works just fine, of course, when I comment out the lines. I tried clearing the cache on my devices, but that didn't work either.
There is no rhyme or reason I can find. MT tech support had no solution. Googling has turned up nothing. Can't find an answer specific to my problem on SO, but got some insight here - Prevent Hotlinking through CSS via .htaccess - where user states "some browsers will don't send HTTP_REFERER and legitimate users will end up seeing broken images." But if my other images are showing up, this can't be a problem with HTTP_REFERER.
I don't have a problem with hotlinking because I don't have any images worth hotlinking, so I personally can live without this, but in the event I design a site for a client who wants to prevent hotlinking, I need to have .htaccess work.
Don't know if this matters, but I also have .htaccess files in my wp-content and wp-admin folders, too, but I don't think they're causing the problem.
Related
Getting started with a droplet on Digital Ocean, so far it's been a fun process. Now I want to begin migrating my site, so I set everything up and created an index.php to where to my root dir as a "construction" page for now. I'm setting up WordPress in a sub-dir and moved all of the contents via all-in-one WP Migration which has always worked perfectly for me.
I've given every dir and file inside of root/public_html (WordPress installation) rwx and atm ownership has been changed to www-data. So I got to loadup my site which atm would be something like <ip address>/public_html and I log in and I am propmted with the wp-admin screen. Everything is working, media files are uploaded, theme is there etc.
When I go to my home page, all the images load but I immediately notice the admin bar at the top, the wp-glyphs aren't loading and I'm getting those weird squares when your computer/phone doesn't know what it's trying to look at. Also any front-end page other than my home returns a 404. My homepage again is accessed by <ip address>/public_html so you would think my about page would be <ip address>/public_html/about, which is where WordPress is sending me to when clicked, but I receive a 404.
I've spent probably 4-5 hours now trying to figure this out and eventually turned to a guide that walks you through it but nada so far.
Can anyone offer a suggestion?
EDIT
I'd like to add that I followed WordPress's instructions on modifying the .htaccess file. I'm assuming it goes in the subdirectory correct?
.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /public_html/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /public_html/index.php [L]
</IfModule>
Just as a reference for myself and anyone who might stumble upon this.
Solution
The answer was that apache was not configured correctly to read .htaccess files. If you are experiencing the same problems and have set up your own VPS, go to apache.conf, etc/apache2/apache.conf and find the correct <Directory></Directory> directive that corresponds with your website directory. Inside you should see an option that reads AllowOverride None. Change this to AllowOverride All.
If this is not the solution for you, at least it's another step out of the way.
Are you able to access wp-admin
If yes then go to dashboard->setting->permalinks
and update the permalink and the problem solved
Access your dashboard by logging in wp-admin then access settings then permanent links, Change them to any of the provided styles save the change it again to your preferred one. This will work well.
Approximately 2 months ago I installed a SSL certificate on my site, catherinerushforth.com. I changed the site and WordPress URL in the admin area of WordPress to include https:// instead of http://. All was fine.
Then, about 2 weeks ago I started to have a problem with "Mixed Content" errors on all pages except the main home page. There doesn't seem to be an issue when viewing the site with Safari but there is a problem with Chrome, Firefox and Internet Explorer. I inspected the Javascript console in Chrome (as an example) and saw multiple "Mixed Content" errors
This is what I have do so far to try and fix these mixed content errors:
Changed http:// to https:// in the WordPress Admin section for the site and WordPress URLs (Settings/General)
I've added "define('FORCE_SSL_ADMIN', true);" to the top of the wp-config.php file.
I've added the following piece of code to the .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^catherinerushforth.com [NC]
RewriteRule ^(.*)$ https://catherinerushforth.com/$1 [L,R=301]
With this code I get "ERR_TOO_MANY_REDIRECTS"
I've also tried the plugin, WordPress HTTPS (SSL).
None of the above have worked.
Does anyone know what I am doing wrong and/or have any suggestions as to how I can fixed this issue?
Many thanks.
WordPress version: 4.2.2
Theme: X-theme v.4 (although issue was the same in previous version of this theme)
Site: catherinerushforth.com
UPDATE
If I simply remade each page for my site (which I will probably have to do at some point due to X-Theme now using their CornerStone page builder) would this ensure all links were https:// and not http://?
Remove
define('FORCE_SSL_ADMIN', true);
from wp-config.php, be sure you have changed http:// to https:// in WordPress Admin, and then force SSL for front and backends with this in .htaccess above the WordPress rewrite block:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://catherinerushforth.com/$1 [R=301,L]
That only forces SSL; you still need to find the site resources which are loading non-SSL.
So use the developer tools in Firefox (or Firebug) or Chrome or Safari or IE to see the errors with specific site resources.
And:
• you should change URLs of media items and links in the post/page content to https so they don't depend on the redirect in .htaccess. Search RegEx is a good plugin to be able to search and replace (optionally with grep) through all posts, pages, excerpts, comments, titles and meta. And, interconnectit.com WordPress Serialized PHP Search Replace Tool can be used to find/replace in the entire database, i.e. metadata, GUIDs and widget content, etc.
• You may need to change to a relative path for images in CSS files, i.e. background-image: url(http://example.com/themes/wp-content/theme/images/image.jpg) to background-image: url(images/image.jpg)
• You may need to remove the http from absolute paths in php theme files, i.e. change 'http://example.com/image.jpg' to '//example.com/image.jpg'; that will allow your resources to default to https.
RewriteEngine On
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Source
So I had this issue on image urls being returned as http://https://website.com/image.jpg. What I did was use the Velvet URL plugin to rewrite the urls for all content from http://https://websiteurl to https://websiteurl. This fixed the issue for me. Cheers
Using ubuntu 16.04, letsencrypt, nginx, apache2, wordpress. For me
1. adding redirect in `/etc/apache2/sites-enabled/000-default.conf` didn't work (too many redirects)
2. adding RewriteRule in .htaccess didn't work (too many redirects)
Finally I installed really-simple-ssl plugin from wordpress and it worked like charm.
Updated Explanation:
I am getting 404 errors for every picture or file I put in the directory via FTP. Here is an example: (The test.html file includes "hello", I've tried html code, css files, images).
The Reason why this is a huge issue is because I am trying to do custom templates for my wordpress site but when I load the .php files (of my templates) on to the server they don't show up in wordpress. Please help me. This problem is impossible to google for/explain well.
RewriteCond %{HTTP_HOST} ^website.net$ [OR]
RewriteCond %{HTTP_HOST} ^www.website.net$
This is probably related to your problem. Your site isn't website.net.
I'm not exactly sure what WordPress has to do with anything since you are not using it for the static html file.
I'm having trouble setting up a directory with php files on a wordpress site.
I understand how to use templates to include a custom php file, but what I'm trying to do is access a php file as if wordpress was not installed. Right now when I create a new directory(dir1) and put an index.php file in that folder, then try to view by going to www.test.com/dir1 it shows a bulleted list with links to header, background, and updates with a text input for searching the website at the bottom.
I'm not sure if this is something that needs to be configure in my cPanel or if its a wordpress setting, or even if its an htaccess issue.
Please help me figure out what I need to do, or even at the very least, help me put into words what I'm trying to do. Thanks!
Usually Wordpress installed in the root has no impact at all on whatever is put into non-wp directories. Can you paste your .htaccess file from the root folder? And does your /dir1/ have any .htaccess?
Wordpress has nothing do to with existing folders/files. Here are some steps you may try.
Make sure your /dir1 doesn't have .htaccess or if in case you have and you need it to have it there, continue doing next steps.
Add some inclusions in rewrite engine of your .htaccess file. You may add something like this:
RewriteCond %{REQUEST_FILENAME} !-d and/or RewriteCond %{REQUEST_FILENAME} !-d
or
RewriteCond %{HTTP_HOST} !dir1
I hope this helps.
Bah, I've figured it out.
anytime I would FTP files onto my server, it would make the owner/group "root"
After I used WinSCP to change my users to match each website, it worked perfectly.
cPanel is a pain.
I'm trying to restrict access to MP3's to users only (i'm using wordpress)
I have my .htaccess set up to redirect back to the homepage unless you click it - to prevent people just typing in the url.
But when a registered user does click it the MP3 doesn't stream (in safari) and when you try to 'download linked file' you get a html file not the mp3.
So basically at the moment no one can download them.
Here's my htaccess code
IndexIgnore *
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?wizzfx\.com/ [NC]
RewriteCond %{REQUEST_URI} !hotlink\.(mp3) [NC]
RewriteRule .*\.(mp3)$ http://www.wizzfx.com/ [NC]
I'll also probably want to include other files than just mp3s at some point too.
The trouble is your technique, as you say, is quite restrictive, yet it's not really that secure (it's easy to spoof the referer header).
A better solution, but again not entirely secure, would be to simply use obscure file naming (making it hard to merely 'guess' the URL), but not setting limits on where and how a user can listen to the file.
If you want absolute security, a plugin that allowed you to upload media, within your WordPress admin, to a directory outside the web root.
Users would then log in to view the uploaded media, but would have to download and save the files in order to use them.
The downloading process would be made using a simple PHP file downloader script, in order to present files outside the web root.