Support » Fixing WordPress » WP in a subdirectory: WHICH .htaccess gets these mods?

  • I installed WordPress in a subdirectory of public_html named goodwork.

    I copied WordPress’ .htaccess and index.php (modified to accommodate the subdirectory) from subdirectory goodwork to root directory public_html.

    So now there are two (2) .htaccess files and two (2) index.php files.

    I want to add two simple pieces of code to my .htaccess file, but I’m not sure WHICH .htaccess file to modify… The one in subdirectory goodwork, or the one in root directory public_html?

    The code I want to add is:

    a) Block directory listing/browsing:
    Options -Indexes

    b) All POST requests and access to wp-admin files must originate from MY DOMAIN NAME:

    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{HTTP_REFERER} !^https://(.*)?mydomain\.com [NC]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteRule ^(.*)$ - [F]
    </IfModule>

    Thanks

    • This topic was modified 1 month, 1 week ago by  BothHands.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Hello @bothhands,

    Take a look at https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory. .htaccess should go in the root.

    As a side note, where you install WordPress really depends on your needs and personal preferences. I’ve very rarely needed to have it anywhere but in the root.

    Thanks, Keith. Actually I had already consulted the link you provide. It doesn’t clarify the issue at hand. And in this case, there need to be two .htaccess files and two index.php files (if I understand correctly).

    The pair must reside in the subdirectory AND in the root.

    See this article:
    https://premium.wpmudev.org/blog/install-wordpress-subdirectory/

    • This reply was modified 1 month, 1 week ago by  BothHands.
    • This reply was modified 1 month, 1 week ago by  BothHands.
    • This reply was modified 1 month, 1 week ago by  BothHands.

    You should add it to the .htaccess in the root of your site.

    here is another resource:
    http://www.wpbeginner.com/wp-tutorials/disable-directory-browsing-wordpress/

    Also, to further prevent directory listings, you will see that many themes/plugins have a blank index.php file in every folder but the .htaccess method is surely a great method.

    Thanks. I’ll modify the file in public_html.

    And thanks for the additional link.

    As I understand it, placing that Options -Indexes command in a .htaccess file protects THAT directory and all its subdirectories from directory listing.

    Keith Driscoll

    (@keithdriscoll)

    As I understand it, placing that Options -Indexes command in a .htaccess file protects THAT directory and all its subdirectories from directory listing.

    Correct. That’s why I would place it in the domain root .htaccess file. You should also test it out by trying to get a directory listing yourself 🙂

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.