.htaccess help: Can't access non-wordpress php files in web root

  • I’ve been running a wordpress install for several years in the root oh my web host ( https://www.surfrock66.com ) I also have several other php pages for random things, like testing or special functions ( https://www.surfrock66.com/RygelWatch.php ).

    I don’t know when it broke, but several versions ago all other pages not related to wordpress stopped working. That RygelWatch.php page (which is a view of my webcam to watch my dog when I’m not home) just presents a 404 page from wordpress. I know the problem is with my .htaccess file, and I’ve tried some of this: https://wordpress.stackexchange.com/questions/20152/cannot-access-non-wordpress-subdirectories-as-wordpress-overrides-them-with-a-40

    None of it worked, and I don’t wanna move wordpress to a subdirectory. This used to work. I’ve tinkered with the .htaccess file a bit…but I have an 8 month old, so my tinkering time has gone down greatly and I need someone smarter than me to help ?? My .htaccess file for / is below:

    AddType text/x-component .htc

#Expire Header
<FilesMatch "\.(ico|jpg|jpeg|png|gif|js|css|swf)$">
ExpiresDefault A5184000
Header append Cache-Control "public"
</FilesMatch>

# compress the files
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript
# removes some bugs
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine Off
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

## BEGIN WORDPRESS LOCKDOWN ##

## IMPORTANT - If you customize the rules below, change the line above to read '## BEGIN WORDPRESS LOCKDOWN - CUSTOM ##'

# Rules to protect WordPress from malicious code injections
<FilesMatch "\.(php)$">
# Deny everyone but localhost access to PHP files. See the next stanza for index.php and wp-login.php public access.
  Order Deny,Allow
  Deny from all
# Append additional IPs to the line below if external web access to PHP files is needed.
  Allow from 127.0.0.1
</FilesMatch>
<FilesMatch "index.php|wp-login.php|wp-comments-post.php|wp-cron.php|load-styles.php|edit.php|post.php|wp-tinymce.php">
# Allow anyone to access files listed above.
  Allow from all
</FilesMatch>
## END WORDPRESS LOCKDOWN ##
Viewing 3 replies - 1 through 3 (of 3 total)

  • I’m having the same problem. I think it’s some script running on my host. I’ll get back about that.

    Thread Starter surfrock66

    (@surfrock66)

    I actually figured it out…the actual file had like 50 blank lines between “# END WordPress” and “## BEGIN WORDPRESS LOCKDOWN ## and my file editor in cpanel put that cleanly off the screen. In “<FilesMatch “index.php|…”>” just add your other php files.

    Well, so for me the problem is different because I have other php files related to my site that are not listed on the white list created by the .htaccess.

    For example, in my website I use timthumb to generate thumbnails for images and since this .htaccess change the images on the website are not showing (404 error).

    One quick fix would be add the file timthumb.php to the whitelist like this:

    <FilesMatch "index.php|wp-login.php|wp-comments-post.php|wp-cron.php|load-styles.php|edit.php|post.php|wp-tinymce.php|timthumb.php">

    But the problem is that the file keeps being rewrited and my edit is gone.

    I’ve tried to change .htaccess file permissions with no success and now I’m filling a ticket to my host support.

    I hope this help clarify things to other people with the same issue.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘.htaccess help: Can't access non-wordpress php files in web root’ is closed to new replies.

Tags