I'm trying to use basic .htaccess authentication in a subdirectory of the root where Wordpress is installed. The problem is the same as this question. The root .htaccess file that Wordpress uses for permalinks doesn't play nice with a .htaccess file I have in a subdirectory that requires authentication.
However, the solution does not work, and even if it did, I cannot use that solution. This is because Wordpress's htaccess generation overwrites anything I put in that section.
What it generates is:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
And what I would like to stick in that RewriteCond list is
RewriteCond %{REQUEST_URI} !(^/admin(/.*)?$)
Navigating to http://www.example.com/admin should use the .htaccess file in that directory to authenticate the user. eg:
AuthName "Admin Area"
AuthType Basic
AuthUserFile "/home/.htpasswd"
AuthGroupFile "/home/.htgroups"
require valid-user
Navigating to http://www.example.com/anywhereelse should redirect to index.php
As it is, I can't even get the RewriteCond shown here to work. It always just shows the 404 page when going into the /admin directory, unless I remove the require valid-user line from the admin .htaccess file. One thing to note is that on that 404 page, the response still contains the WWW-Authenticate header.
So main questions are:
How can I make this work?
Why doesn't it just work as is? Why do I need to exclude the /admin directory?
I've found a solution here. Adding
ErrorDocument 401 default
To the root .htaccess file outside of the section that Wordpress edits seems to have fixed the issue. I'm not sure if it's the best option though. If there are any better solutions, please feel free to post them.
Related
I have WordPress installed in the root folder and in a subfolder. I can access the home page for the WordPress site in the subdomain, but the permalinks does not work – error 404. I have tried to reset the permalinks, but it did not help. I can’t find any .htaccess file, so I have created one myself and placed it in the subfolder directory:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /projects/bigsargefitness/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /projects/bigsargefitness/index.php [L]
</IfModule>
Here is a link to the subfolder WordPress site:
http://ninahortendesigns.com/projects/bigsargefitness/
I have set the database options to the above direction.
Thanks for your help.
You will need to look at a few things:
.htaccess file in the root WP site (WP1) and edit it so that WP1 doesn't catch the URLs and generate 404 errors, I'm not sure if that comment assisted, I've used this answer for a similar issue.
.htaccess file in the sub WP site (WP2) and rename it to "htaccess.old" then log into your wp2/wp-admin, go to "Settings->Permalinks" check the URL structure is as desired (it doesn't usually change) and click "Save" at the bottom of the page. This will regenerate your .htaccess file within the context of the sub-directory and you shouldn't get 404 errors when you visit sub-pages like this
Here's the code from the first link edited so that it should work with your site, although if you have additional rules, you should only insert the line under the comment.
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
# Include in the next line all folders to exclude
RewriteCond %{REQUEST_URI} !(projects) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
If you have custom rules, only insert these lines
# Include in the next line all folders to exclude
RewriteCond %{REQUEST_URI} !(projects) [NC]
Assuming you're a designer and are uploading examples of sites you've built, you should only have to do step 2 the next time you upload a new site to the wp1/projects/ sub-directory
Cause
Error 404 occurs when the resource or path you requested cannot be reached. In this case it's likely because URL rewrite isn't working properly, hence the permalink requests were still being directed to the requested path (e.g. /projects/bigsargefitness/your-category/your-post-name) instead of the rewritten path (i.e. /projects/bigsargefitness/index.php).
The following solution assumes you use Debian/Ubuntu, otherwise the principles should remain the same.
Solution
Firstly, ensure that the rewrite engine has been installed:
sudo a2enmod rewrite
Then, ensure that the engine is allowed for the subdirectory by editing/adding the following lines in the file /etc/apache2/sites-available/your-site.conf:
<Directory /var/www/projects/bigsargefitness/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
The key here is to ensure that the line says AllowOverride All instead of AllowOverride None.
Finally, restart your server:
sudo service apache2 restart
Let me know if this helps.
I am trying to set up a Wordpress installation, where Wordpress is in a subdirectory, but where the subdirectory is always rewritten out of the URL.
I've been trying to follow a whole bunch of other questions / posts about doing this, but no one else's solutions seem to work for me, and a lot of the time they just get the pages to load, without removing the subdirectory from the URL, which is crucial for me.
I'm also hoping for a solution that will work the same locally (http://localhost/wordpress) as it will on a live server (http://example-site.com). However, I'll explain the problem from a local point of view:
My root folder is structured like this:
.htaccess
wp /* contains all wordpress core files */
wp-content /* custom wp-content folder, which is set to be pointed at in my wp-config */
wp-config.php
So, if we ignore the .htaccess, the site would be accessed by going to http://localhost/wordpress/wp, and the goal is to access it by just going to http://localhost/wordpress.
This was achieved using this .htaccess:
RedirectMatch 302 /wp/$ /wordpress/$1
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /wordpress/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ wp/$1
RewriteRule ^(/)?$ wp/index.php [L]
</IfModule>
However, at this point, my wordpress installation was set to use default permalinks, which create pages like http://localhost/wordpress?p=12. I need to set this to a different permalink type, which uses URL segments rather than query parameters, like http://localhost/wordpress/hello-world. Once that setting is changed, I can no longer access other pages with that .htaccess (the home page still works fine though)
I tried using this .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^index\.php$ -
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/wp/$1 [L]
</IfModule>
Which now causes the sub pages to load, though the home page no longer does, nor do some asset files, like http://localhost/wordpress/wp-includes/css/admin-bar.min.css
I can't seem to find a solution that makes everything work at the same time!
I'd also like to mention that I have a very small understanding of writing .htaccess files, so if anyone is going to answer this, please explain things like I am an idiot, as I may not understand you otherwise.
I am considering that you have redirected the domain to the relavant folder, or on shared hosting you have setup the domain to point to your subfolder. I am also considering that you are adding the htaccess to the root. Here is code from the official codex for your situation.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?YourDomain.com$
RewriteRule ^(/)?$ blog [L]
Replace yourdomain.com and blog with website address and directory. Delete everything else from the file. Then goto settings > permalink and change the permalink to what ever you want.
I have a wordpress install in /, which has the following .htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I have a small internal photo-archive page in /photo-archive, which has the following .htaccess:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^?]*)$ /photo-archive/index.php?path=$1 [NC,L,QSA]
#AuthType Basic
#AuthName "Photo-Archive-Test"
#AuthUserFile "passwd"
#require valid-user
What's listed above works, but the photo-archive isn't password protected (since those lines are commented out).
Testing:
When I uncomment those lines, instead of getting the photo-archive front page and a password prompt, I get wordpress's 404 page.
If I comment out wordpress's .htaccess and uncomment all of the lines in the photo-archive's .htaccess, then I get the photo-archive's page with password protection.
If I comment out the photo-archive's rewriteengine stuff and uncomment the password stuff, then I still get wordpress's 404 page.
So it seems that somehow wordpress is picking up on the fact that the page is password protected and then is applying its rewriteEngine code as a result.
Any idea what's going on here or how to fix it?
Edit: There is only one line causing the problem: require valid-user
Edit2: After doing some research online, it seems like what's happening is apache is going to the photo-archive page, getting a 401 (unauthorized) error, tries to give that error to the browser, the browser looks that page up somehow, and wordpress serves up its 404 page, since it doesn't have a 401 page. I don't know how to fix it, but I think this may be the cause.
Try this in your WP .htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_URI} !/photo-archive [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I added "ErrorDocument 401 /401.html" to the top of the wordpress's .htaccess file.
401.html is just a simple html file right now, it could be anything:
<html>401 error</html>
I got the answer from here: http://wordpress.org/support/topic/htaccess-and-subdirectories
.htaccess files are additive. Whenever you request a page, the webserver basically goes through every directory down the tree from the root (specified by the closest match of in the httpd.conf file), and adds all the .htaccess files together. As it traverses them, it parses each one. Later .htaccess files override previous ones, but only for the same specified items. RewriteRules are cumulative.
So what I think is going on is that the authorization in the password protected directory is forcing a 401 response ("Authorization Required") back to the client. Normally, the client would get the 401 and ask for a password.
However, in this case, this 401 response is intercepted by the WordPress RewriteRules which says to rewrite everything to WordPress. This is because .htaccess's are cumulative and your closest matching Directory is the root.
So, by forcing an ErrorDocument for the 401 response before the WordPress rules, you pre-empt them (since the file actually exists, the RewriteRules won't take effect upon it), causing your 401 document to be sent instead of rewriting to WordPress. However, the client doesn't give a crap about that document, it sees the 401 and asks for a password.
Notice that if you fail to give a password three times (depending on the client), you'll probably get forwarded back to WordPress. This may or may not be what you want. If you add the 403 line, you'll get either your error document or a 403 Forbidden page back, not certain which.
Other possible solutions:
- Add a new Directory statement to httpd.conf, specifically specifying your password protected directory, thus bypassing the wordpress rewrites from the htaccess search path.
- Add another rewrite to the top of the wordpress rewrites that pre-empts them for that directory only.
But forcing a 401/403 document seems like the best solution to me, since it will work with any password protected subdirectories you care to add, without having to specify them.
Good morning Stack! My website is currently structured like this:
http://www.mywordpressite.com/
http://www.mywordpressite.com/.htaccess
http://www.mywordpressite.com/portal/
http://www.mywordpressite.com/portal/.htaccess
My understand of the universe is that if I navigate to portal, (4)'s .htaccess will parsed instead of (or with preference over) (2)'s .htaccess. In reality, I am observing that even while navigating to (3) http://www.mywordpressite.com/portal/, the .htaccess from (2) is taking over.
As you can imagine, the root directory is a wordpress site with a standard wordpress .htaccess file:
/.htaccess
<files wp-config.php>
Order deny,allow
deny from all
</files>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
The portal is a Laravel portal, with a standard Laravel .htaccess file
/portal/.htaccess
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
What I've noticed is that if I remove (2) /.htaccess, all of a sudden, everything works with the portal, so there is certainly collision occurring. I won't post my vhost stuff here since both .htaccess's work / do what they are supposed to do -- just not at the same time:
/.htaccess redirects pretty much pipes all input where the input doesn't correspond to a file or directory into the index.php file for better parsing.
/portal/.htaccess does something similar.
What I've noticed is that with both .htaccesses, if I navigate to a route that usually would be parsed by the portal's .htaccess, such as http://www.mywordpressite.com/portal/this/is/a/route I end up getting a 404 from my wordpress site (eg it piped the url into the /index.php file of the wordpress root directory), and of course that page doesn't exist in WP.
When I remove the wp /.htaccess, of course wordpress doesn't work right anymore, but all of a sudden, the portal's .htaccess starts working fine and http://www.mywordpressite.com/portal/this/is/a/route fires the appropriate route by piping the url parameters into /portal/index.php for processing.
This seems backwards to me. Any suggestions?
I think your problem lies in the fact that you've left out a RewriteBase in the portals access file:
RewriteBase /portal/
I'm not a hypertext access genius, so I can't explain what happens when you leave it out. But I'm sure that's the solution.
I have moved a site from my test dev to a live server (its wordpress) and for some reason no matter what page I click on only the homepage loads.
Think I have narrowed it down to my htaccess file:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
and this line in particular:
RewriteRule . /index.php [L]
If I remove this or remove the htaccess completly I get a Forbidden 403 error.
I was hoping someone could help me figure this out?!
Very common issue is redirect plugin. Disable all plugins and post back. Have you got your website in the root folder or is it in the sub directory?
Update:
Changing the Site URL
There are four easy methods to change the Site URL manually. Any of these methods will work and perform much the same function.
Edit wp-config.php
It is possible to set the site URL manually in the wp-config.php file.
Add these two lines to your wp-config.php, where "example.com" is the correct location of your site.
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
This is not necessarily the best fix, it's just hardcoding the values into the site itself. You won't be able to edit them on the General settings page anymore when using this method.
Source
Update:
Goto
wp-config.php
and add
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
Turned out there were a bunch of random files in the root, with the FTP I only had access to the public_html. There were a number of htaccess files and other config files which we cleared out and it solved the problem.