That’s it! Wordpress 2.0 has fucked me off for the last time. I’m facing having to move the entire blog into a sub-directory on incoherently.net due to the insanely aggressive mod_rewrite rules.
I cannot password protect directories, valid directories get hijacked and parsed by wordpress then junked — who the hell decided putting the rewrite rules (that should remain in .htaccess) into the wordpress core itself, was a “really good” idea?
Here’s one for you — what happens when you use .htaccess to restrict a directory in a wordpress folder that is not actually related to wordpress?
Answer? ..borkage.
Update: creating static 401 documents and adding the following rules seems to be a universal fix:
ErrorDocument 401 /[path_to_file]/myerror.html
ErrorDocument 403 /[path_to_file]/myerror.html
I’ve tested it and it does appear to work. Thanks to those who discovered the fix. :)
≡ This is a journal entry relating to the topics of No Tags.
Brendan Borlase is a Systems and Network Administrator living in Adelaide, Australia, having lived, worked and breathed Information Technology for over 12 years. Learn more.
Feedback is encouraged. If you would like to read more, consider subscribing to the regularly updated RSS Feed.
Jan 19th, 2006 at 8:57 pm
I was having the same problems, WordPress 2.0 now basically does a wildcard match on all subdirectories… which is probably not ideal, as you found out.
Here’s the workaround I found.. basically add this to the top of your .htaccess file… and add a RewriteCond line for each subdirectory you don’t want wordpress to parse. in this example, it’ll prevent wordpress from taking over ’stats’ and the file ‘failed_auth.html’
RewriteEngine OnRewriteCond %{REQUEST_URI} ^/stats/(.)$ [OR]
RewriteCond %{REQUEST_URI} ^/failed_auth.html$
RewriteRule ^.$ - [L]
hope that helps!
Jan 20th, 2006 at 12:46 am
Yep.. thanks for that. Sadly Wordpress is ignoring any other rewrite rule (I’ve tried a few) and creating 404’s for content that doesn’t exist (when it should be leaving unknown URI’s alone - that’s what it has always done in the past and is the “correct” method imho).
This whole “hijack every request and parse through WP” is a badly implemented idea, as the whole thing is handled by WP, and not the .htaccess file (where things can actually be controlled).
I think my approach of “moving” the blog to a new subdirectory is going to be the only way - of course that will break existing trackback’s and links (unless I can use rewrite rules to fudge the new URI).
Jan 20th, 2006 at 6:34 am
I had the same issues when I tried to password protect directories. I even asked my host for help as I didnt realise it was WP. They soon put me right on that one.
Jan 23rd, 2006 at 10:17 am
I was also having this problem. There is a way around it that doesn’t involve moving everything into a subdomain, which I found after a lot of digging in the support forums.
in wp-includes/classes.php, change
var $use_verbose_rules to TRUE. (line 864ish)
This way the rewrite rules stay in htaccess rather than being dealt with internally
Jan 23rd, 2006 at 10:22 am
Interesting. My only problem would be that I use SVN to regularly checkout the latest version, so I’d have to edit the classes.php each time. :)
Nice catch though, thanks for the suggestion - it’s something I can definitely use I feel.
May 7th, 2006 at 6:31 pm
The fix below worked for me. My host uses a CPanel admin system… I created a 401 (Unauthorized) error page and it correctly allowed me to login to password-protected directories.
http://textpattern.com/faq/173/password-protected-directories-with-htaccess