Why does multisite bypass WordPress for wp-content, wp-admin, wp-includes and .php files?

When you set up WordPress to use multisite, you’re directed to modify your .htaccess file to use one of the following, which are outlined in the admin and the WordPress documentation: Subfolder … RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] … Subdomain … RewriteRule ^(wp-(content|admin|includes).*) $1 [L] RewriteRule ^(.*\.php)$ $1 [L] … I understand …

WordPress Content Security Policy and Subresource Integrity

I have tested my website at https://observatory.mozilla.org/ and I receive the following two errors: Content Security Policy -25 Content Security Policy (CSP) header not implemented Subresource Integrity -5 Subresource Integrity (SRI) not implemented, but all external scripts are loaded over HTTPS I’ve been trying to fix it all morning, but there’s no way to do …

Which HTTP headers to use for subdomain embedding?

I have a WordPress site hosted on LightSail (which uses bitnami). The domain is https://example.com On a subdomain https://sub.example.com I have another server running. On this server, I want to embed a page from the main domain https://example.com/a-page. Currently, I am getting errors that permission is denied. I have updated the htaccess file like so: …

Block only external access to wp-cron.php on OpenLiteSpeed

I use OpenLiteSpeed server with multiple WordPress installations and want to restrict external access to some files, only allowing the server itself to access them (for example to call cron), so: What I did: RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1 RewriteCond %{REQUEST_URI} wp-trackback.php|xmlrpc.php|wp-cron.php [NC] RewriteRule .* - [F,L] Result: /xmlrpc.php – returns 403 as expected; /wp-trackback.php – returns 403 …

How to exclude a directory from WordPress permalinks in a Multisite environment?

The scenario is as follows: A multisite install with three sites: site1.com (admin) site2.com site3.com Q: How to exclude a folder located in the root directory, which should also be associated with site3.com? That is: exclude a particular directory that does not belong to WordPress so that it is accessible from: site3.com/folderToExclude/ Back in the …

How to create a 301 redirect that doesn’t apply to subsites

Scenario: I’m trying to set a 301 redirect so that https://foo.org/events is redirected to a non-WordPress site https://bar.org/events. On my .htaccess file, I set the following: Redirect 301 /events https://bar.org/events/ This worked great until I found out the rule was cascading down to my subsites, which have completely separate and unrelated event pages. In other …

Giving WordPress its own subdirectory – nginx

I want to move WordPress installation to a subdirectory without affecting site url – https://wordpress.org/support/article/giving-wordpress-its-own-directory/ (method 1) The article contains only instructions for Apache2. How would it translate to nginx site configuration? <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_HOST} ^(www.)?example.com$ RewriteCond %{REQUEST_URI} !^/my_subdir/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /my_subdir/$1 RewriteCond %{HTTP_HOST} ^(www.)?example.com$ RewriteRule …

Should I add the IP of the server that hosts my sites to the list of authorized IPs in the wp-admin/.htaccess?

All of my sites were recently hacked and I had to restrict access to the WordPress admin. The logs are now full of denied connections, but I also see errors coming from the IP of the server that is hosting them: [access_compat:error] [pid 944] [client XXX.XXX.XXX.XXX:45316] AH01797: client denied by server configuration: /var/www/my-website/wordpress/wp-admin/admin-ajax.php, referer: https://www.my-website.com/wp-admin/admin-ajax.php?action=wp_1_wc_privacy_cleanup&nonce=XXXX …

How to change “wp-admin” to something else without search-replacing the core?

For example: foobar.com/wp/edit instead of foobar.com/wp/wp-admin How would I do that? I’ve tried using this in htaccess but it won’t work: ##### ABOVE THIS POINT IS ALREADY INSERTED BY WORD PRESS ##### Admin Base Rewrite ##### RewriteCond %{REQUEST_URI} wp-admin/ RewriteCond %{QUERY_STRING} !sercretword RewriteRule .*\.php [F,L] RewriteCond %{QUERY_STRING} !secretword RewriteRule ^secret_room/(.*) wp-admin/$1?%{QUERY_STRING}&secretword [L] ##### End Admin …