• When an external user accesses a site set up for “/?page=123” style URLs, they can force the display of the site’s underlying web engine 404 page by going to a page that lies “outside” WP, say “site.com/abcdefg”. Not only is that untidy, such default pages can sometimes contain information that can assist in working out how to hack a site.

    It would be a good yet simple security measure if WP core could add a site “ErrorDocument 404” option in the root .htaccess that forces a redirect to a 404 page “inside” the WP CMS (like most of the 404.php pages now found in themes).

    This directive needs adjusting according to what style URLs are set up for the site (hence the need for WP to do that instead of, say, the various WP security plugins).

    At present, I just added a non-existing page number in mine:

    # BEGIN WordPress
    ErrorDocument 404 /?page_id=999999
    # END WordPress

    (a quick thank you to whoever runs http://www.htaccessbasics.com which made this easy to find 🙂 ).

  • The topic ‘WP core could set .htaccess ErrorDocument directive’ is closed to new replies.
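
Added example, not part of the original post and not WordPress's own code: a Python helper that sets the post's `ErrorDocument 404` directive idempotently and places it above the `# BEGIN WordPress` marker, because WordPress regenerates the lines between its markers when it rewrites its rules. The function name, the `target` parameter and the sample file are assumptions; pass whichever 404 path matches the site's URL style.

```python
import re

BEGIN = "# BEGIN WordPress"
# Matches an active (uncommented) ErrorDocument 404 line.
ERRDOC_404 = re.compile(r"^\s*ErrorDocument\s+404\s", re.IGNORECASE)

# Constructed sample: the post's snippet, with the directive inside the markers.
SAMPLE = """Options -Indexes
# BEGIN WordPress
ErrorDocument 404 /?page_id=999999
# END WordPress
"""


def set_errordocument_404(htaccess: str, target: str) -> str:
    """Return .htaccess text holding exactly one 'ErrorDocument 404 <target>'
    line, located above the WordPress marker block (hypothetical helper)."""
    if not target.startswith("/") or any(c.isspace() for c in target):
        # A local URL-path is served internally and keeps the 404 status;
        # a full http(s):// URL makes Apache send the client a redirect.
        raise ValueError("target must be a local URL-path without whitespace")
    directive = f"ErrorDocument 404 {target}"
    # Drop every existing 404 handler, including one inside the marker block.
    kept = [ln for ln in htaccess.splitlines() if not ERRDOC_404.match(ln)]
    out, inserted = [], False
    for ln in kept:
        if ln.strip() == BEGIN and not inserted:
            out.append(directive)  # directly above the block WordPress manages
            inserted = True
        out.append(ln)
    if not inserted:
        out.append(directive)  # no WordPress block found: append at the end
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(set_errordocument_404(SAMPLE, "/?page_id=999999"), end="")
```

Running it on the sample moves the directive to the line above `# BEGIN WordPress`; running it again on its own output changes nothing.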