Custom directory exclude from protected admin

  • Resolved n381

    (@n381)


    1 year, 11 months ago

    Hello, during some special task of having password meter at front site, that involves requests from wp-admin/js/ – i have to make adjustment of the WP Hide plugin’ output of server rules in the wp root directory htaccess.
    I’ve contacted Support email and got partly response, that as the free version user i understand, so here is the set of rules and modifications(2) with the comments, that could be further improved to finally have possibility of custom directory exclusion from the wp-admin access restrictions safety rules:

    //exampleadmin custom wp-admin directory name
    //wp-admin/js/ directory to exclude from rewriting rules

    RewriteCond %{REQUEST_URI} /exampleadmin$
RewriteRule ^(.*)$ /exampleadmin/ [R=301,L]
RewriteCond %{REQUEST_URI} !^/wp-admin/js/?$ //confirmed with Support ok
RewriteRule ^exampleadmin(.*) /wp-admin$1 [L,QSA]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^wp-admin(.+) /index.php?wph-throw-404 [L]

//to do: reverting wp-admin access on the special directory request not ok, file is accessible but also wp-admin direct access instead of 404 

<If "%{REQUEST_URI} = '/wp-admin/js/password-strength-meter.js'">
RewriteRule ^wp-admin(.*) /exampleadmin$1 [L,QSA]
</If>

    Regards

    • This topic was modified 1 year, 11 months ago by n381.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Maya

    (@tdgu)

    1 year, 11 months ago

    Hi,
    The following lines on the rewrites data, block the default admin URL:

    RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^wp-admin(.+) /index.php?wph-throw-404 [L]

    So if need to allow ( exclude from the block rule ) a specific directory (e.g. /wp-admin/js/ ) inside your /wp-admin/ you should update to:

    RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{REQUEST_URI} !^/wp-admin/js/(.+)$
RewriteRule ^wp-admin(.+) /index.php?wph-throw-404 [L]

    Or you can check on a specific file instead:

    RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{REQUEST_URI} !^/wp-admin/js/password-strength-meter.js$
RewriteRule ^wp-admin(.+) /index.php?wph-throw-404 [L]

    Keep in mind that, if you manually update those rewrites, once you change the WP Hide configuration they will be overwriten. Instead you should rely on the filter wp-hide/mod_rewrite_rules to programmatically change the rewrite data as required.

    Hope this is what you looking for.

    Thanks

    Thread Starter n381

    (@n381)

    1 year, 11 months ago

    Thank you very much for the provided solution. It works as described.
    Also, during specifics of front end processing for password meter scripts i need additional setting as requests to ‘wp.i18n'(by 2 .js files) are not found – do you maybe know how to exclude further directories? Is this okay :

    
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{REQUEST_URI} !^/wp-admin/js/(.+)$
RewriteCond %{REQUEST_URI} !^/wp-admin/other/(.+)$
RewriteCond %{REQUEST_URI} !^/wp-admin/dirfiles/(.+)$
RewriteRule ^wp-admin(.+) /index.php?wph-throw-404 [L]
    • This reply was modified 1 year, 11 months ago by n381.
    • This reply was modified 1 year, 11 months ago by n381.
    Plugin Contributor Maya

    (@tdgu)

    1 year, 11 months ago

    Hi,
    Can you send the URL file path as it shows on the front side?

    Thanks

    Thread Starter n381

    (@n381)

    1 year, 11 months ago

    Hi, i can confirm that solution you’ve provided works as needed.
    Thank you, regards

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Custom directory exclude from protected admin’ is closed to new replies.