How to Allow Multiple Files via .htaccess

Forum Moderators: phranque

Message Too Old, No Replies

How to Allow Multiple Files via .htaccess

Multiple <Files> in a Row

adder

8:08 pm on Jul 26, 2011 (gmt 0)

Hi,

I've tweaked my Wordpress installations to protect them from hackRs.
The /wp-content folder contains a .htaccess that denies certain type of files and behaviour.

In order to get some plugins to work, I need to allow them to do stuff inside my /wp-content. Eventually, I've ended up with quite a few exceptions and I'm curios if I can shorten the instructions somehow.

So, if I have to allow two particular files, do I have to write:

<Files "whateverplugin.php">
Allow from all
</Files>
<Files "anothergreatplugin.php">
Allow from all
</Files>

Or can I do:

<Files "whateverplugin.php" "anothergreatplugin.php">
Allow from all
</Files>

I like to keep my code as short as possible... cannot help it :)

lucy24

9:08 pm on Jul 26, 2011 (gmt 0)

<FilesMatch "(whatever|anothergreat)plugin\.php">
blahblah
</FilesMatch>

You can also use wild cards (? for a single character, * for any number) but Apache itself [httpd.apache.org] says FilesMatch is better.

adder

9:37 pm on Jul 26, 2011 (gmt 0)

ok, thanks, but what if the file names I want to allow are:
someplugin.php, good_function.php, another-widget.php
I mean, if there's no common footprint?

lucy24

12:14 am on Jul 27, 2011 (gmt 0)

Then you have to choke back the desire to keep your code as short as possible-- which is admirable-- and make separate <Files> statements. It would be nice if Apache said explicitly that you have to make a separate statement for each file. But they do something which is almost as useful: they don't tell you how to combine multiple filenames in a single statement. Where Apache is concerned, that tends to mean you can't do it.

Or you can go to Option B, which is to shift the whole thing over to mod_rewrite. This is apparently a bit tricky with WordPress. Read over the last week or two* of posts in this forum and see what's useful.

* Normally it would be "the last year or two" but when it comes to Apache, people ask the exact same question several times a day so it is seldom necessary to search further.