• Hi there,

    First off, thanks for a great plugin!

    I’d like to give back by reporting an issue I noticed with version 1.7.9.2 (has this been fixed?)

    The regex in the .htaccess URL rewrite for wp-admin could be improved. For example, in this autogenerated code block (the last block in a dynamically generated .htaccess file before the # END WP Hide & Security Enhancer comment), when hiding /wp-admin with the string “foobar”:

    
    RewriteCond %{REQUEST_URI} /foobar$
    RewriteRule ^(.*)$ /foobar/ [R=301,L]
    RewriteRule ^foobar(.*) /wp-admin$1 [L,QSA]
    RewriteCond %{ENV:REDIRECT_STATUS} ^$
    RewriteRule ^wp-admin(.+) /index.php?wph-throw-404 [L]
    

    the pattern on the first line matches:

    example.com/somepath/blog-page/foobar which is unwanted.

    May I suggest that a caret be added at the start so that the pattern only matches URLs that *begin* with /foobar:

    So

    RewriteCond %{REQUEST_URI} /foobar$

    becomes

    RewriteCond %{REQUEST_URI} ^/foobar$

    as /wp-admin should never be expected at the end of a URL in WordPress?

    I noticed this rule running when accessing my WordPress admin with a bad copy/paste that contained a typo, so I changed the .htaccess file manually, but this change will get wiped out by any changes made by the plugin, so just wanted to flag it as a potential issue?

    Thanks!

    • This topic was modified 1 year, 5 months ago by Trippetchz.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Maya

    (@tdgu)

    Hi,
    Thanks for your valuable feedback, this is much appreciated. I’ll forward it to our developers to take a deep look.

    Thanks

    Thread Starter Trippetchz

    (@trippetchz)

    Nice one. 🙂

    Plugin Contributor Maya

    (@tdgu)

    Hi,
    Apparently, this creates issues when deploying WordPress into its own directory: https://wordpress.org/support/article/giving-wordpress-its-own-directory/
    We will check further on how that should be addressed.

    Thanks

    Thread Starter Trippetchz

    (@trippetchz)

    Hi there,

    Okay.

    But just to comment, I don’t understand that problem, as described.

    At least with Apache-compatible implementations, the .htaccess file resides with the WordPress root, right? So even if WordPress was installed in a directory, say for example, http://example.com/alice/, the .htaccess file would reside in something like /public_html/alice/.htaccess and hence rules from there would be relative, as with root directory installs?

    I don’t know though as I haven’t tested that deployment.

    In any case, it should be unwanted behaviour to redirect the replaced /wp-login.php or /wp-admin strings at the *end* of a URL.

    Good luck and thanks!
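
The patterns discussed in this thread, checked against root and subdirectory installs; this is an added example, not code from the plugin or from either poster. It assumes Apache's %{REQUEST_URI} holds the full request path (including any install subdirectory), uses Python's `re` in place of Apache's PCRE, and the `base_anchored` pattern and the sample request paths are hypothetical.

```python
import re

SLUG = "foobar"  # replacement for wp-admin, as in the thread

def cond_patterns(base="/"):
    """Candidate RewriteCond patterns for an install rooted at `base`."""
    trimmed = base.strip("/")
    prefix = "/" + trimmed + "/" if trimmed else "/"
    return {
        "original": "/" + SLUG + "$",        # generated by the plugin
        "root_anchored": "^/" + SLUG + "$",  # suggested in the first post
        # Hypothetical: anchored at the install base instead of the web root.
        "base_anchored": "^" + re.escape(prefix + SLUG) + "$",
    }

def matches(base, request_uri):
    """Which patterns would fire the 301 redirect for this request path."""
    return {name: re.search(pattern, request_uri) is not None
            for name, pattern in cond_patterns(base).items()}

# Constructed sample requests: (install base, full request path)
SAMPLES = [
    ("/", "/foobar"),
    ("/", "/somepath/blog-page/foobar"),
    ("/alice/", "/alice/foobar"),
    ("/alice/", "/alice/somepath/blog-page/foobar"),
]

if __name__ == "__main__":
    for base, uri in SAMPLES:
        print(base, uri, matches(base, uri))
```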

  • The topic ‘Improving pattern in .htaccess’ is closed to new replies.