IT Nursery
  • 1010 Avenue of the Moon
    New York, NY 10018 US.
  • Mon - Sat 8.00 - 18.00
    Sunday: Closed
  • Get A Quote
  • WordPress

    • Stop WordPress and Plugins from Overwriting .htaccess

    • IT Nursery
    • May 1, 2022
    • 0

    How can I prevent WordPress and plugins from overwriting my .htaccess file? I use WordPress to set the structure of my permalinks; so I doubt it is practical to deny all permissions to the file.

    If it is unlikely that WordPress is responsible for overwriting the file, advice on determining what is responsible would be helpful.

    I recently added these rules to .htaccess to redirect traffic to HTTPS.

        RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    One day later, I found that .htaccess had reverted to its previous state. Following is a portion of the .htaccess file as I intend it.

    # BEGIN W3TC Page Cache core
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    RewriteCond %{HTTPS} =on
    RewriteRule .* - [E=W3TC_SSL:_ssl]
    RewriteCond %{SERVER_PORT} =443
    RewriteRule .* - [E=W3TC_SSL:_ssl]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteRule .* - [E=W3TC_ENC:_gzip]
    RewriteCond %{HTTP_COOKIE} w3tc_preview [NC]
    RewriteRule .* - [E=W3TC_PREVIEW:_preview]
    RewriteCond %{REQUEST_METHOD} !=POST
    RewriteCond %{QUERY_STRING} =""
    RewriteCond %{REQUEST_URI} \/$
    RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle) [NC]
    RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_SSL}%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" -f
    RewriteRule .* "/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_SSL}%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" [L]
</IfModule>
# END W3TC Page Cache core

    This code redirects traffic with a status of 301 as expected, until the .htaccess file is overwritten.

    –Update–
    By placing comments in several sections of the .htaccess file and observing which one was overwritten, I found that plugin W3 Total Cache overwrote the entirety of the section commented with 

    # BEGIN W3TC Page Cache core

    5 s
    5

    If you place your “custom” directives outside of any # BEGIN ... / # END ... comment markers then WordPress (and plugins) should not overwrite them when they update. (Of course, if you have plugins that don’t “play nice” then they could do anything to .htaccess if you let them, so you would need to do something like what @haz suggests in this case.)

    In your case, you can simply place those directives above the # BEGIN W3TC Page Cache core comment. For example:

    # Custom directives
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# BEGIN W3TC Page Cache core
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} =on
    RewriteRule .* - [E=W3TC_SSL:_ssl]
    :

    You don’t need to repeat the RewriteEngine On directive (providing it occurs somewhere in the file). And your directives are not using RewriteBase anyway – but again, RewriteBase should only occur once in the file. (The last instance of each of these directives is what controls the entire file.)

    (Aside: The parentheses around the RewriteRule pattern are superfluous in your directive.)

    Tags:

    Leave a Reply

    Your email address will not be published. Required fields are marked *