Question with loading 403/ 404 error pages and htaccess

by

I uploaded an html 403 and 404 page to my WordPress theme directory and if I hit a random mistake after .com such as .com/yyyy then it loads the 404 page for example – so all is good…

However…I would like the 403.php to be shown when someone outside my permitted IP string attempts to access my log in page.

This .htaccess rule works great BUT it create a never-ending loop as WordPress tries to find the 403.php page..

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^111\.111\.22\.33$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

So you can see on the last line that there is R=403 which is trying to find the 403 page, but it can’t find it…

I therefore added the following lines (trying one at a time) but they didnt work:

ErrorDocument 403 /403.php
ErrorDocument 404 /404.php

and then I tried

ErrorDocument 403 /index.php?error=403
ErrorDocument 404 /index.php?error=404

And no joy…

Should the 403 and 404 template have WordPress specific php at the top of the template?

Or – how can i correctly call the 403.php when the user WITHOUT the correct IP address tries to access the log in page?

Thanks!

2 Answers
2

it create a never-ending loop as WordPress tries to find the 403.php page

Not WordPress, but Apache. WordPress never even sees the request.

You need to make an exception for your custom 403 error document, otherwise, the directives you have posted would issue another 403 for the error document itself… an endless loop.

If your ErrorDocument is defined like so:

ErrorDocument 403 /403.php

Then you can either create an exception before your existing rules like this:

RewriteRule ^403\.php$ - [L]

Which effectively instructs mod_rewrite/Apache to do nothing when the /403.php document is requested.

Or, incorporate this into your existing rule block. For example:

RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^111\.111\.22\.33$
RewriteRule !^403\.php$ - [R=403,L]

The ! prefix on the RewriteRule pattern negates the regex. So, this rule block will only be processed if the /403.php document is not requested. Note that [R=403,L] is the same as [F].

Or, you can simply disable your custom error document instead and use Apache’s default error response:

ErrorDocument 403 default

Leave a Comment