• The root directory htaccess file for our website is not allowing me to access the WordPress Admin Dashboard (wp-admin)

    Error message – “Not Authorized to View This Page [CFN #0004]”

    After reading up on this, I disable the htaccess file in the root directory and I was then able to immediately get in to WordPress Dashboard. The problem is that I was then unable to access the homepage of our website page.

    I have tried everything to resolve this. This is the code in the htaccess file in the root directory

    HTTPS REDIRECT CODE START DO NOT REMOVE, MUST BE FIRST DIRECTIVE IN .htaccess

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
    Header always set Content-Security-Policy “upgrade-insecure-requests;” HTTPS REDIRECT CODE END SSL PROVISIONING CODE START DO NOT REMOVE, MUST BE FIRST DIRECTIVE IN .htaccess

    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} “./.well-known/.” [NC]
    RewriteRule ^..well-known(/.)?$ – [END] SSL PROVISIONING CODE END

    DirectoryIndex index.shtml [ CP Global Redirection – Start ]

    RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteCond %{SERVER_NAME} !^www..$ RewriteRule ^(.)$ https://www.%{SERVER_NAME}/$1 [R] [ CP Global Redirection – End ]

    I desperately need some help with this, is it something to do with SSL ? I know that our SQL database shows the following

    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)
  • Unfortunately, it is unclear to me where the .htaccess code begins and where it ends in your post. Can you please format it with the code block? See: https://www.ads-software.com/support/forum-user-guide/block-editor/#code-block

    I am particularly surprised why there are words in the middle that are not compatible with .htaccess. Also, it doesn’t seem to be a file like WordPress would create. It should look something like this: https://developer.www.ads-software.com/advanced-administration/server/web-server/httpd/

    Thread Starter csie

    (@csie)

    Sorry I should have been slightly clearer, this code above is in the root directory of our main website, we also have a second htaccess file in root directory of WordPress which is the basic WP coding as below. However, it is the above code that stops me from accessing work-admin dashboard and if I rename (ie disable) the htaccess file above to see if I can get in to dashboard I can get in but I then get a message to say not authorised to get into our home page of our main website which is obviously no good.

    # BEGIN WordPress
    
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    
    # END WordPress

    Now that the context is easier to understand, I can also see a reason for the problem. The .htaccess rules from the directory above also apply in the WordPress directory. You have to deactivate these rules to solve the problems. Theoretically, you should be able to do this in the .htaccess file in the WordPress directory BEFORE

    #BEGIN WordPress

    add this here:

    RewriteEngine Off

    If this is not sufficient, the .htaccess file above it will use information that is not mapped via the rewrite rules (mod_auth). In this case, you would need to see how to deactivate this in Apache. Since this is not a WordPress issue but rather a matter of your individual server configuration, I would recommend you take a look at the Apache manual.

    Thread Starter csie

    (@csie)

    Hello

    I tried adding RewriteEngine Off before # BEGIN WordPress but it did not make a difference. Any other suggestions apart from deactivating in Apache ?

    Since it is unclear which properties are set in the directory above and how you can deactivate them in the WordPress directory, I see 3 other options:

    a) Contact a community that specializes in such server configurations.
    b) Find someone who can look at this with you personally. You may find someone like that here: https://jobs.wordpress.net/
    c) Do without the subdirectory for WordPress. Let the domain point directly to the directory. Then the rules above it should not apply at all. You should be able to find out how to configure this in the Apache manual.

    Thread Starter csie

    (@csie)

    Hello

    If point domain directly to the directory, it will mean there would be 2 htaccess files in the same directory, do I amalgamate them into one file ?

    No, there can only be one .htaccess file in a directory. Merging the contents of several .htaccess files from subdirectories is generally not useful, especially if one of the files is generated by WordPress.

    Thread Starter csie

    (@csie)

    https://www.example.org.uk/WordPress/wp-admin/index.php
    https://www.example.org.uk/WordPress/wp-admin/edit.php?post_type=page

    The above links takes me to home dashboard with no issue which is good, why is this ?

    One can only guess without knowing your project. Is there a .htaccess file in the wp-admin directory that undoes the settings as I described? Otherwise, I can’t think of any other reasons. Someone with access to your hosting should be able to find out.

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.