I am server admin which hosts many sites. One of them is running wordpress. If password protect wp-admin/ through cPanel, when browse to site0.com/wp-admin, it falls into a redirect loop.
I found out that this behavior is because wp-admin redirects to wp-login.php if not logged in and if is password protected, somehow authentication rules in .htaccess of wp-admin conflicts with rewriterule(s) in global .htaccess (in public_html) and so redirection goes infinitely. Then if I comment rewriterule(s), login comes up, however inner pages of WordPress no longer work.
public_html/.htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
public_html/wp-admin/.htaccess:
AuthUserFile "/home/paraf/.htpasswds/public_html/wp-admin/passwd"
AuthName "wp-admin"
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
AuthType Basic
require valid-user
Protecting wp-admin by htaccess is unnecessary I think, so maybe you are solving problem that isn't there. You can still access wp-login.php directly.
Related
I have several wordpress sites installed in their respective directories under public_html/ and I want to restrict access to public_html/dev/wp-login.php. The dev folder is the root of the WordPress installation for that site.
Since I have Apache 2.4.12 I updated the blocking directive to the new syntax... here's public_html/dev/.htaccess now
<Files wp-login.php>
Require all denied
# Whitelist my IP
Require ip xxx.xxx.xxx.xxx
</Files>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This setup will block access to all IPs, not allowing mine. Removing it leaves wp-login.php accessible to all.
Is there something wrong within this code itself? Is something else interfering with it?
The moment it sees Require all denied (or Deny from all) everything stops.
I've checked, double- and triple-checked my IP.
Client added a WordPress install to their document root directory. Afterwards one non-WordPress directory is giving a 404.
In a browser you can access /foo/facebook/index.php with no issues but you get the WordPress 404 page if you try to access /foo_admin/index.php. Wordpress is in / (not pictured here due to clutter).
Here is the entire .htaccess for the doc root directory:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
EDIT:
Just realized a basic auth .htaccess in /gcb_admin is interfering somehow. Have now tried adding RewriteEngine off both before and after the basic auth directives but this changes nothing. Removing basic auth directives allows access to file...
AuthUserFile /home/foof/.htpasswd
AuthName "FOO Admin"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
RewriteEngine off
How do I correct this?
Try this solution - essentially, it just turns off the rewrite engine in that specific directory:
http://wordpress.org/support/topic/exclude-directories-from-wp-rewrite
Add a .htaccess file to the directory that you want the Wordpress rewrite to ignore, with this code:
RewriteEngine off
Or, try changing the last line you have to:
RewriteRule ./ /index.php [L]
I have a Wordpress multisite installed, and would like to understand how the subdomains actually are managed, ie how does my wordpress multisite knows where to find the files/data when a browser request URL user1.domain.com ?
I checked the DNS A record and see only the wild card.
I checked the .htaccess, and it looks as follows:
RewriteEngine On
RewriteBase /
# Protect the htaccess file
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
# Protect wpconfig.php
<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>
# Disable directory browsing
Options All -Indexes
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule . index.php [L]
so I think the .htaccess does not manage the subdomain, or does it?
so then, how does my wordpress multisite knows where to find the files/data when a browser request URL user1.domain.com ?
Im trying to develop a web page based on wordpress, i have done many localy, but want try make the production on the cloud, but want close page access with .htpasswd.
I read a lot of articles, and im follow this steps:
Insatlling wordpress..etc
At point 2, i tried few things:
Create a manually .htacces on the root and put:
<Files .htaccess>
order allow,deny
deny from all
</Files>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/directoryname1/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/directoryname2/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/failed_auth.html$
RewriteRule ^.*$ - [L]
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
AuthName "Texto al gusto"
AuthUserFile /test/.htpasswd
AuthType basic
Require valid-user
Or use some plugins for edit htacces because maybe i was deleting some line uploading mine.
Im triyed deleting some parragrahps on the htacces, the wordpress because i dont have permalinks active, and others.
I put the htpasswd on the test folder and all correct.
I actualize my webpage and appear the popup of the htacces, i put the user and pass and then...always appear this...
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webadmin#kundenserver.de and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
I have researched this and unfortunately all I can find is general advice on htacesss and pass wording or general htaccess to redirect etc. None of them are what I am after here.
To sum up, we run a set of blogs all using the WordPress Multisite functionality.
All these files etc and info in the database are referenced by an ID and as such the site does not live in a folder.
I want to restrict one folder with a htaccess that our company uses to allow access to its users.
Normally I would drop that file in the folder and job done.
However, as mentioned there are no physical folders and so I need to somehow add this to the existing htaccess file that WordPress uses to handle everything.
Here is the htaccess file as standard:
RewriteEngine On
RewriteBase /
#uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
# deperectaed after upgrade to v. 3.0 RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]
RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteCond %{REQUEST_URI} ^.*/wp-admin$
RewriteRule ^(.+)$ $1/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule . - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>
What I need to add is the following:
AuthName "You must be a valid user"
AuthType Basic
require valid-user
But I only need it to work on one site, say site id=2 for now. I would possibly like to add sites to this later.
Any help will be greatly appreciated.
Cheers
You can use the filesMatch directive to protect the directories. For a site at the path of /foo/ the following should work:
<filesMatch "^foo.*">
AuthName "You must be a valid user"
AuthType Basic
require valid-user
</filesMatch>
To Make sure the filesMatch directive works, try:
<filesMatch "^foo.*">
order allow,deny
deny from all
</filesMatch>