Exclude Directories From Mod Rewrite

If you installed WordPress in your root directory, there is a good possibility you may have lost access to other files and directories. WordPress’ rewrite rules may have prevented you from accessing those files. Instead, it’s displaying 404 errors.

To fix this issue, you will need to insert a line of regular expression code in your .htaccess file that will exclude your files and directory from being rewritten.

A typical WordPress .htaccess may look like this.

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Here’s the new .htaccess that will exclude certain directories.

RewriteEngine On
RewriteBase /
<strong>RewriteCond %{REQUEST_URI} !^/(foldername|foldername/.*)$</strong>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

It’s a simple fix, but it can be frustrating if you don’t know what’s going on.

My WordPress Multi-Site .htaccess File

I just solved my WordPress multi-site problem. I have several blogs located in the subdirectories of this blog. The problem was the media files for my sub-blogs were all broken. If you are aware of the WordPress multi-site setup, WordPress creates a blog.dir directory under wp-content. This is where it keeps all of the uploaded media files such as: images, video, etc for the sub-blogs.

The issue was began when my .htaccess file was overwritten or possibly replaced. At first, I thought it was just an issue with the WordPress options pages which is stored in the wp-options table. But, that wasn’t the case. A quick search in the WordPress forums solved that problem. So, I’m writing this article for two reasons: (1.) So others can benefit, (2.) so I have a record of this fix somewhere.

So, here’s my .htaccess file.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
# uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ – [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
</IfModule>
# END WordPress

WordPress Blogs Hacked Via Config File

A number of WordPress blogs hosted at Network Solutions were hacked according to ZDNet. A malicious hacker was able to create a script that scanned for WordPress config files which contain MySQL database credentials in plain text.

WordPress config files should only be read by Apache only with permissions of 750. Most users have their permissions set to 755. WordPress users should set their permissions to 750 to avoid from being hacked.

Another way of protecting WordPress config files is to use .htaccess. Add the following code to your .htaccess file.

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

WordPress and Password Protected Directories

I think I just solved an issue with WordPress Permalinks and password protected directories that use Apache’s .htaccess. Here’s the problem in detail. I have WordPress installed on the root of my domain. Under that domain, I have a directory that I want password protected using .htaccess. It’s just a directory containing a few PHP scripts. Every time I try to access the password protected directory, I get a 404 page missing error. WordPress is confused thinking the directory is a post or a page. Since it’s not, it generates a 404 error instead.

The workaround for this is to place a couple of error codes at the top of the .htaccess to pre-empt the WordPress .htaccess rules. There are a couple of scenarios. If there is 401 situation, an authentication in this case, it will send the user to the error document which is just a blank html file. The WordPress permalinks rule never gets processed or is ignored. If there is a 403 error code, a forbidden situation in this case, it will send the user to that error document as well.

Here is the working .htaccess file. You will see the two error code rules at the top of the file. Underneath, you will see the standard WordPress permalinks rules.

ErrorDocument 401 ./blank.html
ErrorDocument 403 ./blank.html
# BEGIN WordPress
&lt;IfModule mod_rewrite.c&gt;
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
&lt;/IfModule&gt;
# END WordPress

Simple fix. Thanks to aiso.net.

Prevent Others From Hotlinking

You can stop others from hotlinking on your site with the use of the .htaccess file in Apache. Hotlinking is when others are directly linking to an image or a file on your server. It’s bad because, they are using your server’s resources and bandwidth for free. You can edit your .htaccess file usually located in your root directory. If you don’t have one, just create one. It must start with a period, .htaccess. Enter this code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]

Read more.