tommylux

I managed to achieve this using php get file contents and ended up writing a plugin of my own! If anyone gets stuck, check out my plugin.

Been searching for the last hour and couldn’t find anything.. I had my wordpress installation in a dev mode before.. is this anything to go by?

Thanks

Thanks for the quick reply.

I’m not enjoying using Tortoisesvn at all..

Commit failed (details follow):
File ‘E:\_Endomondo Subversion\tags\1.0\endostyle.css’ is out of date
File ‘endostyle.css’ already exists
You have to update your working copy first.

Ok, lets update:

conflicted: …….
E:\_Endomondo Subversion\tags\1.0\endostyle.css
At revision: 460622
One or more files are in a conflicted state.

lets just start again; delete tags/1.0 and commit:
Force Removal
… is not under version control the 1.0 contains unversioned and/or modified file(s) do you want to remove it anyway..

sure, ok:
“no write-lock in ‘E:\_endomondo Subversion\tags”

is there any ftp-like clients I can use? I hate this business of local and remote files, its easier if I can just see my remote files like in cyberduck.

Thanks!

ALTER TABLE wp_login_redirects ADD COLUMN rul_url_logout LONGTEXT NOT NULL AFTER rul_url;

Yep it worked, however, even on a fresh WP installation it didn’t create this column.. Your missing it in your install code:

$sql = ‘CREATE TABLE ‘ . $rul_db_addresses . ‘ (
rul_type enum(\’user\’,\’role\’,\’level\’,\’all\’) NOT NULL,
rul_value varchar(255) NOT NULL default \’\’,
rul_url longtext NOT NULL,
rul_order int(2) NOT NULL default \’0\’,
UNIQUE KEY rul_type (rul_type,rul_value)
)’;

$wpdb->query($sql);

Hi, Yeah, the FilesMatch works great.

Thank you very much for you help!

and the wp-admin htaccess file looks like this:

AuthType Basic
AuthName "tom"
AuthUserFile "mylocation/wp-admin/passwd"
require valid-user

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

<Files install.css>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

Would have been nice to put both files on the same line, ie:
<Files admin-ajax.php,install.css>
But this didn’t work.

The <Files install.css> works regardless it is inside wp-admin/css/

Thanks for your help.. ??

Solved; I think.. All I had to do was put in ErrorDocument 401 default in;

ErrorDocument 401 default

# BEGIN WordPress
<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /
RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Oh Man!

Still no luck..

This guy is having the same problem as me:
https://www.webmasterworld.com/forum92/4676.htm

and in another thread, a guy removes the:
RewriteCond %{REQUEST_FILENAME} !-f
completely and replaces it with:

RewriteCond %{REQUEST_URI} !^/(content/view/.+|index\.php)$
RewriteRule ^(.*)$ /drupal/$1 [QSA,L]

RewriteRule ^content/view/.+$ /index.php [L]

on here: https://forum.modrewrite.com/viewtopic.php?f=4&t=9167

I have tried but no luck. I think it is the way the server handles protected directories.

Hi,

For some reason the rule will not skip:

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{REQUEST_URI} ^/wp-admin/ [NC]
RewriteRule . - [S=30]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

RewriteBase /
RewriteRule ^index\.php$ - [L]

When I comment out the RewriteCond %{REQUEST_FILENAME} !-f it works but as a result, I don’t get a WP 404 error, instead a dirty one.

I have tried all the combinations below:
RewriteCond %{REQUEST_FILENAME} !^/wp-admin/$ [NC]
RewriteRule . – [S=30,L]

The rule already appears to work using the original one above, but doesn’t skip the rest of the Rewrites. Maybe It skips all other Request_URLs and maybe doesn’t skip the FILENAME rules?

Is it possible to make exceptions in the Fequest_Filename rules:
RewriteCond %{REQUEST_FILENAME} !-f !^/wp-admin/
(this doesn’t work)

In the meantime, will try swopping the Request_URL for Request_filename..

Thanks!

Ed, Thanks for your reply; I am able to understand better having spent the entire day trying to get it to work!

When I password protect the wp-admin directory, when the server processes the root htaccess, something in the code is stopping it from being accessed and I get a 404 page. (password protecting the directory causes the 404)

When I comment out the following lines:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#RewriteRule ^index\.php$ - [L]
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteCond %{REQUEST_URI} !^/wp-admin/.+$ #code1
RewriteRule . /index.php [L]
</IfModule>

I am able to get the authentication box when I browse to /wp-admin

I think the htaccess is able to rewrite anything which doesn’t exist and provide a 404 page, as the server cannot access the wp-admin, i think it is treated as a non existent directory and processes as 404.

How do i edit the htaccess so that I never re-write the wp-admin folder?

My host’s CP only allows me to put in basic auth, I was hoping to change it to digest.. unknowingly if it is supported. My htaccess under wp-admin says:

AuthType Basic
AuthName "Message to display"
AuthUserFile "/home/...etc..blabla.."
require valid-user

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

Nicolas Kuttler suggested I always need admin-ajax.php and wp-admin/css/install.css (sometimes used on the front end) accessible… What is the syntax for adding that css file to the exception of the directory password?

Thanks Ed, Much appreciated. ??

Tom

Hi AITpro,

Thank you for your quick response; I don’t know how I missed out which folder I was referring to!

I want to protect my wp-admin folder further, I have a dynamic IP, so it wasn’t feasible to put IPs in the htaccess.

I have little knowledge of htaccess files, that’s why I love BulletProof Security so much.. I didn’t realise that you can actually request a password via the htaccess.

My original intention is to use the cpanel’s directory security feature to provide a password before it serves the /wp-admin page. This works without rewrite code I posted previously, but with the rewrite code, I have to disable the directory security because of the 500 errors.

Is it better to request a password in the method you have stated above? I don’t understand what you are referencing with /foo/bar?

If using the cpanel’s directory security feature requires that I need to relax the security on the htaccess file/a step in the wrong directory to secure it further then maybe you advise not to use it?

Thank you

Tom

Guys your right.. Why didn’t I see this! I was looking in the database and all sorts trying to botch it!

There is a real good community going on here, everyone seems more than happy to help..

Thank you.