WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
BWPS adds rules to .htaccess in subdirectory rather than root (12 posts)

  1. GermanKiwi
    Member
    Posted 10 months ago #

    Currently, I have WordPress installed into a subdirectory at http://www.example.com/wordpress, although the site address is just http://www.example.com. (This is a supported configuration).

    And I've enabled HackRepair.com's blacklist on the Ban tab of BWPS. This results in a whole bunch of entries being added to the .htaccess file.

    However, BWPS adds those entries to the .htaccess file which is in the /wordpress subdirectory, and I believe this is incorrect.

    Instead, it should add those entries to the .htaccess file which is in the root directory. This is where WordPress itself adds its own mod_rewrite rules, and I believe this is the correct place for all WordPress .htaccess rules to reside, even when WordPress is installed into a subdirectory. There doesn't need to be any .htaccess file in the /wordpress subdirectory, if there is one in the root directory already.

    It would be great if BWPS 4.0 would add its rules to the .htaccess in the root directory and not create a second .htaccess file in the subdirectory where it is not needed.

    Thanks!

    http://wordpress.org/extend/plugins/better-wp-security/

  2. gh0stshell
    Member
    Posted 10 months ago #

    sounds like a feature request

    it will put the settings in the .htaccess that is where WP is

    i have a WP main site with WP in two sub dir and each has its own .htaccess and has different settings in each

  3. GermanKiwi
    Member
    Posted 10 months ago #

    Well, WordPress itself does not do that. But I'm referring to the situation where WordPress is installed into a subdirectory, but it is using the root directory as its site address.

    Therefore, on the General Settings tab, I have this:

    WordPress Address (URL): http://www.example.com/wordpress
    Site Address (URL): http://www.example.com

    This is an officially supported configuration, as described in the Codex.

    When you have WordPress installed into a subdirectory like this, but you're using the root directory for the site address, then WordPress itself will store its own .htaccess settings in the .htaccess file that is in the root directory. (And the Codex document I've linked above also instructs you to put the .htaccess file into the root directory as well).

    The scenario you have described, gh0stshell, is different than this. You would not be able to have two WordPress installations running out of two subdirectories, and have both of them using the root directory for the Site Address, obviously! :)

  4. GermanKiwi
    Member
    Posted 10 months ago #

    ...Therefore I don't believe this is merely a feature request, but also a bug report or at least something that BWPS isn't doing in the correct or ideal/optimal/preferred manner.

  5. gh0stshell
    Member
    Posted 10 months ago #

    WP had no bearing whatsoever on where the htaccess is, some plugins just add and edit the file, non create or move the htaccess

    You did not get the entry below i posted

    "i have a WP main site with WP in two sub dir and each has its own .htaccess and has different settings in each"

    I have a WP main site (1 htaccess)

    i also have WP in two sub dir ( 2 more htaccess file)

    each has ITS OWN .htaccess file and EACH had its own settings

    is one of my many site setups clearer now?

    What i am saying is that it sounds like since WP is in the sub dir that it sees the .htaccess there and edits that one and not the one in the root dir

    i have a beta site and will test this now and confirm the above

    As part of my test i will have no htaccess file except in the root dir and see what happens, i have 36 sites so i can test multiple setups and variations to see what happens

  6. GermanKiwi
    Member
    Posted 10 months ago #

    Thanks for the clarification of your setup, and yes I understand how yours is set up now - with three WP sites in total. Obviously with that scenario, each of your WP sites will have its own .htaccess file in its own respective directory, and your "WordPress Address (URL)" will always be the same as your "Site Address (URL)".

    So this is still a different scenario than what I have, whereby my WordPress Address and Site Address are different from each other - so WordPress is running from the site's root URL, but is installed into a subdirectory.

    In my scenario, the .htaccess file goes in the root directory, when WP is installed into a subdirectory. This is also described and confirmed at http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory.

    I also disagree with your statement that "WP had no bearing whatsoever on where the htaccess is" - this is not correct. In my setup, with the WP files installed into the subdirectory, WP itself will still update the .htaccess file in the *ROOT* directory. I'm not referring to a plugin, but WP core itself. It does this, for example, when you go to the Permalinks page and click Save Changes - WP itself (not a plugin) will then add its own section to the .htaccess file, and it uses the copy in the ROOT directory, even though it's installed in the subdirectory - it's clever enough to do that.

    In fact, you can completely delete the .htaccess file in the subdirectory - it's not needed, and WP core will never use it or write to it. It will only write to the copy in the root dir.

    BWPS, however, isn't so clever. Even when there is no .htaccess file at all in the subdirectory, BWPS will simply create a new file there and write its stuff to that one, rather than using the already-existing .htaccess file in the root directory, which WP Core is writing to. And that's the crux of the matter - I believe BWPS shouldn't do that. WP Core is somehow able to "know" that it's running out of a subdirectory install, and BWPS should be able to figure that out too.

  7. GermanKiwi
    Member
    Posted 10 months ago #

    ....At http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory, have a look at the last paragraph (point #4) at the end of the section titled "Moving a Root install to its own directory".

    There it says:

    WordPress will automatically update your .htaccess file if it has the appropriate file permissions. If WordPress can't write to your .htaccess file, it will display the new rewrite rules to you, which you should manually copy into your .htaccess file (in the same directory as the main index.php file.)

    So that is the root directory - ie. the directory where the main index.php file goes - which you've just copied to your root directory in step #7 above. WP will write to that location if it has the appropriate file permissions on that .htaccess file.

  8. Exponom
    Member
    Posted 10 months ago #

    I have the same issue with my WP installation in subdirectory. BWPS Ban hosts list doesn't work at all. Any banned IPs still have access to the site, search is available, etc. just css may not work properly.
    Ban hosts list is starting to work only if you put the Denied IP list into htaccess which placed in the root directory.

  9. Exponom
    Member
    Posted 10 months ago #

    Any idea how to fix it? Just install WP in the root?
    because if WordPress installed into a subdirectory, anyone can attack the site without any limits.

  10. Christine
    Member
    Posted 10 months ago #

    I'm wondering if my htaccess is correct now looking at this- I used this plugin because i wanted to be sure I was putting things in the right htacess file and assumed it would sort it out for me.

    I have a site installed in a sub directory and point it to the main domain like you describe GermanKiwi-

    So should most of what better wordpress security plugin puts in the htaccess file in the directory with the wp files such as wp-config etc....as it does by default, or should they be in the htaccess above the directory with the modified index file (if that is the set up) or just the black listed ip range? Would love to know. Thanks.

  11. GermanKiwi
    Member
    Posted 10 months ago #

    Until BWPS can fix this, I would suggest just finding the entry which BWPS inserts into the .htaccess file in your WordPress subdirectory (ie. where WP is actually installed), and copying (or moving) that text into the .htaccess file in your root directory. Then it should work fine I believe.

    I don't think it matters if the BWPS entry is *also* in the .htaccess file in the subdirectory - I think it won't do any harm there, and will just be ignored - but I think the key thing is having it in the .htaccess file in the root directory, so you should be fine to just copy it there.

  12. Christine
    Member
    Posted 10 months ago #

    OK many thanks :)
    I've copied the BWPS stuff into the root htaccess and all seems fine- actually I realized that the options all index rule was not working properly for me before and now it does- so hopefully everything will be ok now.
    Chris

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.