WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Adding a .htaccess file to the root (35 posts)

  1. csbarnard
    Member
    Posted 1 year ago #

    Hi,

    Is there a procedure to add a .htaccess file to the root of your site where the WordPress installation is in a subfolder?

    Can the .htaccess generated by BPS be copied to the root folder or is there a procedure/set of tweaks to make it work. Or is it a case of coding the .htaccess yourself.

    Hope that makes sense!

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Here are some basics about .htaccess files.

    .htaccess files are actually Server configuration files and to be 100% technically correct they are called "distributed configuration files".

    .htaccess files work in a hierchical way. If a root folder has an .htaccess file in it it will try to apply the security rules in that root .htaccess file to all subfolders recursively. If a subfolder (subfolderA) has an .htaccess file in it then subfolderA will follow the rules in its own .htaccess file. WebsiteB will also follow the rules in its own .htaccess file.

    /WebsiteA/.htaccess
    /WebsiteA/subfolderA/.htaccess
    /WebsiteB/.htaccess

    If you want to manually add an .htaccess file to the Document Root folder of your Hosting account then I assume that you do not have a WordPress site installed in the Root folder and either have another type of site such as an HTML site or no site is installed in the Root folder and you just want to protect that Root folder correct?

    If you have an HTML site in your Root folder or you just want to protect the root folder and that root folder contains an index.html or index.htm file then see this Forum link >>> http://forum.ait-pro.com/forums/topic/bps-html-htaccess-file-for-html-websites-or-subfolders/

    If the root folder contains an index.php file for some other website type then yes you can use the subfolder .htaccess file from your WordPress site and you would just change the RewriteBase to RewriteBase / and also your RewriteRules from /subfolder/index.php to just /index.php.

  3. csbarnard
    Member
    Posted 1 year ago #

    Hi,

    I really appreciate that thorough answer, it is very generous. In my case I just want to protect the root folder. So that link is excellent.

    As I have tried other .htaccess files - I am however still getting a server error, even with this file - is there something else that needs to be configured in the file.

    I am not sure I am adding my site correctly to the rewrite rules?

    Again appreciate the response.

    Chris

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I see in another thread that you posted that you have a WordPress Network/Multisite installation.

    Have you installed/setup BPS correctly for your Network/Multisite site? >>> http://forum.ait-pro.com/forums/topic/read-me-first-free/#network-multisite

    I would need the specific details about what you are trying to do exactly. Example: I have a site installed here (/subfolder-name) and it is site type (HTML, WordPress, etc). I do X and then Y happens. The error message is: [post your error message]. The rewrite rules i am using are [post the rewrite rule] for the site X located in folder Y. Thanks.

  5. csbarnard
    Member
    Posted 1 year ago #

    Hi,

    No that wasn't me was it :-(? I don't think I've posted about this before!

    My site is root - it has a splash page then one wordpress subfolder with multisite set up running two sites.

    BPS seems to be working okay on the multisite setup...

    My issue is simply what changes I need to make to the .htaccess you gave me the link to to make it work on my server in the root folder.

    I think you have to add your domain somewhere....

    I'm getting HTTP Error 500 Internal server error.

    I hope that makes sense :-)

    Chris

  6. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I was referring to this thread - this is how/where i figured out that you have a Network/MU site >>> http://wordpress.org/support/topic/cant-set-up-multisies?replies=5

    Ok so this is your site architecture correct?

    root directory (/public_html)
    /splash page here

    subfolder directory (/public_html/subfolder)
    /subfolder/mulitsite is installed here - Network/Multisites need to be installed in the Root website directory correct? I do not think they work correctly installed in a subfolder.

    Yes BPS works fine in general for Network/Multisite installations.

    What exactly is in your Root folder / Document Root folder / root of your Hosting account? >>> this is the root folder / (/public_html). Is there an index.htm file or index.html file or index.php file in your root folder? Is there a site installed or in the root folder? Or do you just have files in the root folder and one of those files is a Splash page? In order for your root directory to work correctly you have to have one of these file types in it: index.php, index.htm or index.html (or index.asp but this would be a Windows index file and htaccess files do NOT work on Windows Servers).

  7. csbarnard
    Member
    Posted 1 year ago #

    Sorry for the delayed response...

    Whoops forgot about that thread completely! Shows how much the whole thing was causing me grief!

    The set up is just as you have described it:

    In the root folder you refer to in the last paragraph I have index.html installed. So:

    My website root: public_folder

    1. index.html
    2. wordpress folder containing MU installation.

    Beside folders for images and css in the public_html folder that's it.

    I hope that makes sense...

    Chris

  8. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Ok great then you would use the html version of the of the HTML htaccess file posted in the Forum here >>> http://forum.ait-pro.com/forums/topic/bps-html-htaccess-file-for-html-websites-or-subfolders/

    But I am still unsure about having a Network/Multisite installation in a subfolder. I am not a MU expert, but from what i remember reading once you are ONLY supposed to install a Network/MU site in your Root folder or it will not work correctly if installed in a subfolder. Please look around and confirm this. it has been a while since i looked into this so things might be different now for Network/MU WordPress installations.

    The cause of the problem could be simply that you cannot install a Network/MU site in a subfolder, but i could be wrong about this.

  9. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Ok i looked around and you would have to do this. You would have to do a Giving WordPres its own directory type of installation for what you have setup on your site. This means that your root folder will have to contain the index.php file in order for this setup to work correctly. See the WP Codex link below.

    http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory

    Also please read through these WP Codex pages

    http://codex.wordpress.org/Before_You_Create_A_Network
    http://codex.wordpress.org/Create_A_Network

  10. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    And this is what i thought meant all WordPress Network/MU installations but it is actually ONLY for subdomain MU installations.

    WordPress must be installed in the root of your webfolder (i.e. public_html) for subdomains to work correctly. They will not work from within a subdirectory.

  11. csbarnard
    Member
    Posted 1 year ago #

    Ah!

    I'm really sorry - I've misinformed you. The WP installation is in a subdomain 'mysite.mysite.com'. It appears as a subfolder in the server directory. On describing my setup I got confused.

    It's in fact the only way I could get my set up to work!

    So the links from the splash page go here:

    mysite.mysite.com

    AND

    mysite.mysite.com/second site...

    So in fact the MU installtion is in the root - just in a subdomain! I do feel like I'm the only person in the world who has set up - it's counter intuitive for many reasons but works for the client.

    My problem with the .htaccess is does it need configuring in any way - ie. changing URLs within the file to get it work...

    Thanks you again for your time and detailed answers...

    Chris

  12. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yep that makes sense. A true subdomain site is its own unique Domain with a DNS A record pointing to it (installation folder name). ;)

    Subdomain Site = Root website

    If the Splash page is in the same folder as your MU installation then it is not in fact in the Document Root folder for the Hosting account and is in the Root folder for the MU site.

    So now i do not understand your original question at all.

    What exactly is the question?

  13. csbarnard
    Member
    Posted 1 year ago #

    Ha ha ! Yes sorry...

    I think you've answered it - the WordPress in this case may have muddied the water...!

    I just need a secure .htaccess file for my the main domain - http://www.mysite.com.

    I was wondering if I can somehow copy the BPS file from the SUBDOMAIN :-) with a few tweaks.

    But you kindly sent me a link to do just that, my issue was on my server I was getting server errors - so wondered what needed tweaking...

    Hope that makes sense :-)

  14. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Ok so one question has been answered then correct?

    The other question is about errors that are occuring.
    I need to know more information about your website. Please see this post and then post this information in your reply.
    http://wordpress.org/support/topic/read-me-first-before-posting-a-new-thread?replies=1

  15. csbarnard
    Member
    Posted 1 year ago #

    Thanks so much...

    At the moment for some reason I can't see the Network Dashboard :-( I hadn't noticed before.

    I'm not sure why this is - perhaps the 3.5 upgrade.

    It 's a new problem, I can't access the plugins...Even in the two sites set up in multisite...!

    Let me com back to you - it must be a different problem...

    Chris

  16. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Do you have BPS .47.7 installed? Double check your root and wp-admin htaccess files to make sure they do not contain these old security filters.

    OLD root .htaccess security rules
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]
    
    NEW root .htaccess security rules
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|%3c|%3e).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).* [NC,OR]
    
    OLD wp-admin .htaccess security rule
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
    
    NEW wp-admin .htaccess security rule
    RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
  17. csbarnard
    Member
    Posted 1 year ago #

    Hi

    So sorry for the delay - I checked and I have the latest version installed .47.7.

    If I disable the plugins folder to see if it is a plugins issue the problem is still there no network dashboard. And if there is no network dashboard - I can't configure the plugins....

    But I think I'm asking you to help now with a problem that perhaps has nothing to do with BPS?

    I simply can't access the plugin to get the information you asked for.

    Chris

  18. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Which web host do you have?
    What Hosting Account type do you have? Apache Linux or something else?
    Is your Server configured with CGI or DSO / Apache Module?

    Delete the .htaccess file in your root folder and your wp-admin folder and see if this gets you back into your WP Dashboard.

  19. csbarnard
    Member
    Posted 1 year ago #

    The host is Liquid Host - if that means anything to you - I think they are part of Resellers Panel...

    Apache Linux
    CGI

    Deeletd both .htaccess and I got the error message that BPS wasn't properly configured. Tried to jump to the configuration panel from the error message and I'm getting error messages that I don't have sufficient privileges.

    Maybe the wp-config file need updating, or similar....it can't be BPS's fault...:-)

    Chris

  20. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    List of Web Hosts that require 644 .htaccess file permissions – 404 permissions are not allowed on these Hosts and will cause a 403 Error

    If you Web Host does not allow locking of your Root .htaccess file/404 file permissions for your Root .htacces file, then go to the BPS Edit/Upload/Download tab page and click on the Turn Off AutoLock button. This will prevent your Root .htaccess file from being automatically locked when you upgrade BPS, which will prevent a 403 Error from occurring on your website.

    webmasters.com
    LiquidWeb.com

    If your Host is LiquidWeb.com then this known issue exists above for your host. There are several hosts that use "liquid" in there hosting name so your host could be a different host.

    There are a few possibilities here since you are getting the error message that you do not have sufficient permissions.

    1. Your folder permissions are set too restrictive. Make sure that your folder permissions are set to 755 and file permissions should be set to 644. Very likely.

    2. You have set group ownership permissions that are blocking you from being able to write to folders. Not likely, but possible.

    3. Your host is using open_basedir and a restriction is blocking the creation of the root .htaccess file. Not likely, but possible.

    4. You have the 404 permission problem on your host that I quoted above. Not likely, but possible.

    5. Another plugin is causing this problem. Deactivate all other plugins and see what happens then. Moderately likely.

  21. yellowsub
    Member
    Posted 1 year ago #

    I happened to read this thread and as it is pretty much about what I'm interested in; I'm going to post my question here.

    I have followed the aforementioned guide which means that my wp is installed in public_html/blog and the public html contains index.php (modified) as per:

    Change the following and save the file. Change the line that says:
    require('./wp-blog-header.php');
    to the following, using your directory name for the WordPress core files:
    require('./wordpress/wp-blog-header.php');

    Public_html also contains a copy of the .htaccess file (copied from the "blog" folder just like it says in the guide). So all it contains is the permlinks stuff...

    If I start using bps it will create a new .htaccess file into the "blog" folder. Should I copy the file to public_html or is the one with permlinks rewrites all public_html needs?

    The way I see it, bps should be able to do its job without any modifications to the public_html's htaccess as all there is in public_html besides the htaccess and the "blog" dir is index.php which redirects to "blog" anyway.

    In brief, should I copy the bps version to public_html?

    Help is much appreciated.

  22. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yep you can use the WP Default .htaccess file in your /public_html root folder or for a GWIOD site you can download the .htaccess file that BPS creates in your "blog" folder and then just change the RewriteBase and all Rewriterules and upload it to your /public_html root folder. Either way is fine.

    Example:

    Change...
    RewriteBase /blog/
    ...to
    RewriteBase /
    
    Change RewriteRule from...
    RewriteRule . /blog/index.php [L]
    ...to
    RewriteRule . /index.php [L]
  23. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I assume all issues are resolved? If not, then please post another response. Resolving thread.

  24. csbarnard
    Member
    Posted 1 year ago #

    Hi!

    Just back off break. Happy New Year!

    I'm still trying to find out why I can't access my super admin in the multisite set up. As mentioned it can't be BPS causing the problem as I disable the plugins folder (by renaming it) and remove the .htaccess file and the problem is still there.

    So as mentioned I think I'm now describing another problem.

    I have opened another thread for that problem...

    I went through your points, folders directory etc. and everything seems to check out.

    The only thing i can do is come back to this thread when I can see my super admin.

    Thanks for your help!

    Chris

  25. csbarnard
    Member
    Posted 1 year ago #

    Okay I fixed that issue - the database had not been updated to reflect a change of username - which meant there was no super admin access.

    So I went back and added the code to the .htaccess file from here:

    http://forum.ait-pro.com/forums/topic/bps-html-htaccess-file-for-html-websites-or-subfolders/

    I am still getting a server error message. So here is the requested information:

    WordPress Installation Folder: /
    WordPress Installation Type: Root Folder Installation
    Network/Multisite: Multisite: Multisite is enabled

    WP Permalink Structure: /blog/%postname%/
    Permalinks Enabled: √ Permalinks are Enabled
    PHP Version Check: √ Using PHP5

    DNS Name Server:
    Public IP / Your Computer IP Address: 94.65.70.32
    Server Type: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
    Operating System: Linux
    Server API: cgi-fcgi - Your Host Server is using CGI.

    Thanks for your help! Really appreciated.

  26. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    You just stated that this was a Network/MU installation and BPS sees that this is NOT a Network/MU installation???

  27. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    oh never mind i read that wrong.

  28. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    What exactly is the problem again?

  29. csbarnard
    Member
    Posted 1 year ago #

    Hi!

    Basically what I was trying to do was add a .htaccess file to my public_html folder.

    I just wanted to copy the BPS .htaccess from mysite.mysite.com to where I have my splash page.

    It IS a strange setup where i have a basic index.html in my main domain with links to the subdomain and the virtual site. So the splash page has basically two options:

    mysite.mysite.com
    and
    mysite.mysite.com/site2

    Hope that makes sense :-)

    Chris

  30. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I need to know exactly where you existing site is and then i need to know exactly where the splash page is and i need to know what .htaccess files you are putting where and what you are putting in those .htaccess files.

    Example:

    my MU site is here and the .htaccess file that BPS creates is here:
    mysite.mysite.com/site2/.htaccess

    my splash page is here X and the .htaccess file is here X and the RewriteBase and RewriteRule are X and the index file in that folder is X.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.