Securing WordPress – Part 2 addendum

On January 17th I posted a new way to enhance security for WordPress. I discovered a small problem with the final htaccess file and WordPress updating the file.

I wrote that the final htaccess file would look like this:

Options All -Indexes
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} /(wp-includes|wp-content)/.*\ HTTP/
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/.*$ [NC]
RewriteRule .* - [F]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

The problem is that if you click the Update Permalink Structure button in Admin -> Options -> Permalinks, WordPress deletes everything between # BEGIN WordPress and # END WordPress, and you will lose the part we added ourselves. This happens even if you haven’t changed the settings; just clicking the button causes this behaviour.

The final htaccess should be:

Options All -Indexes

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} /(wp-includes|wp-content)/.*\ HTTP/
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/.*$ [NC]
RewriteRule .* - [F]
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

I apologize for missing this problem earlier. Please update your htaccess so you won’t lose your settings.
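A check for the problem described above, added here as an example (not code from the original post): it lists every directive between the WordPress markers that WordPress did not write itself, which is what a permalink update would discard. The names `rules_at_risk`, `STOCK`, `CUSTOM`, `ORIGINAL` and `FIXED` are assumptions of this example; the stock lines are taken from the corrected file on this page.

```python
BEGIN, END = "# BEGIN WordPress", "# END WordPress"

# Lines WordPress writes between its markers (from the corrected file above).
STOCK = """<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>""".splitlines()

# The custom referer rules from this page.
CUSTOM = r"""RewriteCond %{THE_REQUEST} /(wp-includes|wp-content)/.*\ HTTP/
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com/.*$ [NC]
RewriteRule .* - [F]""".splitlines()


def rules_at_risk(text):
    """Return non-stock directives found inside the WordPress-managed block."""
    at_risk, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == BEGIN:
            inside = True
        elif line == END:
            inside = False
        elif inside and line and not line.startswith("#") and line not in STOCK:
            at_risk.append(line)
    return at_risk


# Both layouts from this page, rebuilt from the pieces above.
ORIGINAL = "\n".join(
    ["Options All -Indexes", BEGIN, *STOCK[:3], *CUSTOM, *STOCK[3:], END]
)
FIXED = "\n".join(
    ["Options All -Indexes", "", *STOCK[:3], *CUSTOM, STOCK[-1], "",
     BEGIN, *STOCK, END]
)

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("fixed", FIXED)):
        lost = rules_at_risk(text)
        print(f"{name}: {len(lost)} custom line(s) inside the managed block")
        for line in lost:
            print("  would be lost:", line)
```

To check a live site, pass the contents of your own `.htaccess` to `rules_at_risk` instead of the embedded samples.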
