Exclude subdirectory
-
I recently tried to install a new instance of WordPress into a subdirectory. However, iThemes does not let me execute the install as part of its security settings. Is there a line of code I can add to the .htaccess so that iThemes excludes that specific directory? I have tried and failed and would really appreciate some support.
Thanks for the great plugin!
-
Are you getting the “Too many redirects” error after the database setup part?
And have you been able to identify the RewriteRule in the .htaccess that is causing this?
Otherwise please post the entries between:
# BEGIN iThemes Security - Do not modify or remove this line
# END iThemes Security - Do not modify or remove this line
from your .htaccess file and we’ll have a look at it.
dwinden
Hi All,
I’ve seen this a few times today and we’re tracking it down. Do you have the Protect System Files feature found in System Tweaks? If so, can you disable it and let me know if that helps?
Thanks,
Gerroald
If you are getting the following error message:
Forbidden
You don’t have permission to access /wordpress_temp/wp-admin/install.php on this server.
then temporarily disable the Protect System Files setting in the System Tweaks section on the iTSec plugin Settings page as indicated by Gerroald.
dwinden
Hey, the 403 error I’m getting is: You don’t have permission to access /advocacyforyoungpeople/wp-admin/install.php on this server.
I don’t think there is a problem with the plugin. I just need it to ignore the subdirectory /advocacyforyoungpeople
Here is the iThemes code I’m using in the htaccess:
# BEGIN iThemes Security - Do not modify or remove this line
# iThemes Security Config Details: 2
# Ban Hosts - Security > Settings > Banned Users
SetEnvIF REMOTE_ADDR "^81\.45\.182\.213$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^81\.45\.182\.213$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^81\.45\.182\.213$" DenyAccess

SetEnvIF REMOTE_ADDR "^42\.63\.209\.13$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^42\.63\.209\.13$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^42\.63\.209\.13$" DenyAccess

<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env DenyAccess
Require not ip 81.45.182.213
Require not ip 42.63.209.13
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
Deny from env=DenyAccess
Deny from 81.45.182.213
Deny from 42.63.209.13
</IfModule>

# Enable the hide backend feature - Security > Settings > Hide Login Area > Hide Backend
RewriteRule ^(/)?login/?$ /wp-login.php [QSA,L]

# Protect System Files - Security > Settings > System Tweaks > System Files
<files .htaccess>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files readme.html>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files readme.txt>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files install.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files wp-config.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>

# Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPC
<files xmlrpc.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>

# Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
Options -Indexes

<IfModule mod_rewrite.c>
RewriteEngine On

# Protect System Files - Security > Settings > System Tweaks > System Files
RewriteRule ^wp-admin/includes/ - [F]
RewriteRule !^wp-includes/ - [S=3]
RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
RewriteRule ^wp-includes/[^/]+\.php$ - [F]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
RewriteRule ^wp-includes/theme-compat/ - [F]

# Disable PHP in Uploads - Security > Settings > System Tweaks > Uploads
RewriteRule ^wp\-content/uploads/.*\.(?:php[1-6]?|pht|phtml?)$ - [NC,F]

# Filter Request Methods - Security > Settings > System Tweaks > Request Methods
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^.* - [F]

# Filter Suspicious Query Strings in the URL - Security > Settings > System Tweaks > Suspicious Query Strings
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
RewriteCond %{QUERY_STRING} !^loggedout=true
RewriteCond %{QUERY_STRING} !^action=jetpack-sso
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteCond %{HTTP_REFERER} !^https://maps\.googleapis\.com(.*)$
RewriteRule ^.* - [F]

# Filter Non-English Characters - Security > Settings > System Tweaks > Non-English Characters
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
RewriteRule ^.* - [F]

# Reduce Comment Spam - Security > Settings > System Tweaks > Comment Spam
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /wp-comments-post\.php$
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_REFERER} !^https?://(([^/]+\.)?advocacymatters\.co\.uk|jetpack\.wordpress\.com/jetpack-comment)(/|$) [NC]
RewriteRule ^.* - [F]
</IfModule>
# END iThemes Security - Do not modify or remove this line

then temporarily disable the Protect System Files setting in the System Tweaks section on the iTSec plugin Settings page as indicated by Gerroald.
That worked and let me install. I’ll make sure it all works properly once I’ve turned this back on and let you know.
Thanks!
Unfortunately what you initially requested (make an exception for the new subdirectory in .htaccess) is not possible. You cannot specify a directory using the <files> directive.
But this would have probably worked:
<files install.php>
# Apache > 2.2
<IfModule mod_authz_core.c>
Require ip [ip_address]
</IfModule>
# Apache = 2.2
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
Allow from [ip_address]
</IfModule>
</files>
Anything in bold is customized.
Where [ip_address] should be substituted with your computer ip address.
Basically makes an exception for your ip address only.
Anyway it is not recommended to manually edit iTSec plugin rules in .htaccess
Any changes will be overwritten by the iTSec plugin when saving settings.
So if you temporarily want something done ok, but set the iTSec plugin rules back to default once you are done.
The preferred method is to temporarily disable the Protect System Files setting in the System Tweaks section on the iTSec plugin Settings page.
dwinden
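
Why the root rule reaches the new install, as an added example that is not part of the thread or the plugin's own code: a `<files>` block matches on the file name alone, so it applies in every subdirectory the root .htaccess covers. The sample rules and the 203.0.113.7 address are constructed, and the function names are hypothetical.

```python
import fnmatch
import posixpath
import re

# Constructed sample: part of the "Protect System Files" section of a root .htaccess.
SAMPLE_HTACCESS = """\
<files install.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>
<files readme.html>
<IfModule mod_authz_core.c>
Require ip 203.0.113.7
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
Allow from 203.0.113.7
</IfModule>
</files>
"""

FILES_BLOCK = re.compile(r'<files\s+"?([^\s">]+)"?\s*>(.*?)</files>', re.I | re.S)
DENY_ALL = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)
EXCEPTION = re.compile(r"^\s*(Require\s+ip|Allow\s+from)\s+\S+", re.I | re.M)


def deny_patterns(htaccess_text):
    """File-name patterns whose <files> block denies everyone, with no IP exception."""
    return [
        name
        for name, body in FILES_BLOCK.findall(htaccess_text)
        if DENY_ALL.search(body) and not EXCEPTION.search(body)
    ]


def blocked(htaccess_text, request_path):
    """True if a deny-all <files> block matches the path's final component.

    <files> looks at the file name only, so the directory part is ignored.
    Wildcard patterns are handled with fnmatch; the regex form (<files ~ ...>)
    is not handled in this sketch.
    """
    name = posixpath.basename(request_path)
    return any(fnmatch.fnmatchcase(name, p) for p in deny_patterns(htaccess_text))
```

Running `blocked()` over the text between the BEGIN and END markers of a real root .htaccess shows which installer or system files a nested site will be refused before the Protect System Files setting is changed.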