Wordpress, mod rewrite, and htaccess nightmare

February 17, 2009

So I recently blogged about using digest authentication instead of basic for securing your wp-admin directory. When implementing this myself, I had it all set up and working on a subdomain. But, I had the authentication directive in the root .htaccess file as well as the wp-admin/.htaccess file. This made it appear to work just fine. When I went to implement this on here on my live site though, I ran into an issue. The rewrite was being applied no matter what! This resulted in requests to /wp-admin being rewrriten and handled by index.php, and 404'ing.

So save yourself some headaches and searching, and put the following in your root .htaccess file:

PLAIN TEXT

CODE:

ErrorDocument 401 /error.html
ErrorDocument 403 /error.html

Just make sure those files (error.html) actually exist.

I don't exactly know why this works, but it does. I also don't know who is to blame. Textpattern blames Apache configurations for not having valid error documents to serve (they also have the solution). Dreamhost blames overly aggressive rewrite conditions, but I don't know about that either. Seems to me the rewrite conditions are being used correctly. Sure, the requested uri needs authentication, but it exists on disk. Props to other folks too for other ideas, and the final solution.

Next post: Are your event handlers bad?

Previous post: Master bathroom progress

Filed in: Web stuff

Tags: Security, Wordpress

Comments

Recent

Twitter

Twitter service can not be reached right now. Please check back later, or try my Twitter page.

» My delicious bookmarks

Johnvh.com - home of Dallas, Texas based Flash Developer and web enthusiast John Van Horn