1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 11:39 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

htaccess wordpress is causing problems with directory security

         

mbressman

12:03 am on Mar 16, 2011 (gmt 0)

10+ Year Member



I'm on a shared hosting provider (that provides me with cPanel), and have recently installed WordPress in my root public_html directory. As a result, my .htaccess has been modified with the following code:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress


This seems to have broken directory security, as I have a directory that I secured using the "Password Protect Directories" options in cPanel. It seems that when you do this, the directory is hidden from view and only accessible if typed directly...and this is causing the above entries in htaccess to not see that directory (I think) and therefore pass me on to WordPress for a 404 error. Any way to fix this? (I might be wrong on my assumption above, but I am definitely sure that if I un-password protect the directory, I can access it, and when I re-password protect it, I can't access it anymore and get a WordPress 404 error). Thanks for any help!

- Marc

ergophobe

4:32 pm on Mar 16, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



What do you mean "hidden from view and only accessible if typed directly"? That is what I would expect to be the case under all circumustances, password protected or not.

In the protected subdir (or somewhere further up the hierarchy), do you have

Options Indexes

in your .htaccess?

One thing that would certainly get rid of this is to use your CPanel subdomain feature and put the protected dir on a subdomain. That's a simple solution that should take that directory out of the htaccess cascade entirely. I generally find this simpler to manage.

jdMorgan

1:09 am on Mar 18, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You could just by-pass the whole problem by forcing the WP code to not mess with that directory-path: 

# BEGIN modified WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^(/index\.php$|/secure-directory/|\.(gif|jpe?g|png|ico|css|js)$)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END modified WordPress

The first RewriteCond by-passes this rule if the request is for index.php itself, for your secure-directory path, or for any included object that the WP script itself cannot generate. This should fix your problem *and* make your WP install run quite a bit faster...

Jim

mbressman

2:33 am on Mar 26, 2011 (gmt 0)

10+ Year Member



I tried putting in that code in my .htaccess, and changing secure-directory with files (since the URL is www.mydomain.com/files) and it didn't work - any other help you can offer? Thanks!

g1smd

3:01 am on Mar 26, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It "didn't work" because there is "a problem".

Describe "didn't work" in detail, so that someone can deduce what "the problem" may be.

mbressman

3:14 am on Mar 26, 2011 (gmt 0)

10+ Year Member



The "problem" is that the same thing that was happening in my initial post is still happening - aka - when I attempt to browse to a secured directory that is located under my root public_html directory where I have WordPress installed, I get a 404 error. I can browse fine to non-secured directories though...
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 11:39 pm May 1, 2026