Support » Fixing WordPress » Apache 2.4 htaccess RewriteRule issue

  • Just recently updated our server to Apache 2.4 from 2.2 and have had some issues with password protected directories.
    The accounts affected on the server are all staging accounts.
    We create a staging account as subdomain of our staging domain ( then password protect the root directory (public_html) via cPanel’s ‘Directory Privacy’ option.

    All this worked fine when the server ran Apache 2.2, if you hit the sub domain you’d see the Apache login box and you’d be asked to enter the username and password. Wrong password, cancelled login or no credentials entered would result in a default server ‘Authorisation Required’ message.

    But since updating to Apache 2.4 when you hit a sub domain the Apache login box still appears but if you cancel it or just click login without entering any credentials you still get taken to the ‘protected’ website and are able to see all text content but it’s unstyled all links, css js and images, result in a 404.

    After talking to our server manager he say the issue is the WordPress htaccess RewriteRules. It overrides Apache showing the usual .shtml files.
    We’ve found a work around by adding a new RewriteCond:
    RewriteCond %{REQUEST_FILENAME} !.shtml$
    But that gets over written each time we access the permalink page of WP admin.

    Has anyone had the same issue and found a proper fix?
    Or has anyone got any other advice?

    Is it even a WordPress issue or is it an Apache / mod_rewrite issue?

    WP version – 4.9.4

    Server info:
    cPanel Version – 68.0 (build 29)
    Apache Version – 2.4.29
    PHP Version – 5.4.45
    MySQL Version – 5.5.58-cll
    Architecture – x86_64
    Operating System – linux

    AlowOverrides All

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hello @michon_ste

    if apeache team is saying that the WordPress is overriding the .htaccess each time then you can stop WordPress to modify .htaccess from below way

    Make your .htaccess read only. WordPress specifically checks if both the home path and the .htaccess file in the home path are writable, using the PHP is_writable function. If it’s not writable (aka, read-only), WordPress does not attempt to write to it.for Linux based hosting system, make the .htaccess file have 444 or 440 or 400 permissions. Use the smallest one that still works. So the permissions change is a solid solution, but understand that it will prevent anything — WordPress, plugins, themes, etc

    I hope it’ll resolve your issue

    Thanks for the suggestion @anonymousraft.
    That will definitely help when using our work around.

    Still eager to find out why the WP .htaccess rules suddenly stop the server side includes working (.shtml). May be a question for the Apache forum.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Apache 2.4 htaccess RewriteRule issue’ is closed to new replies.