WordPress.org

Make WordPress Core

Opened 10 months ago

Last modified 10 months ago

#46792 new defect (bug)

CPANEL Directory Privacy DoesNOT work With WordPress Admin Directory

Reported by: ephremfirew Owned by:
Milestone: Awaiting Review Priority: normal
Severity: blocker Version: 5.1
Component: Security Keywords: needs-testing reporter-feedback
Focuses: Cc:
PR Number:

Description (last modified by SergeyBiryukov)

Hello WordPress,

Protecting my wordpress admin directory using CPANEL Directory privacy feature doesn't work.

And I tried to replace the default wordpress rule in htaccess file:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Replaced with this by adding another / after Dot:

RewriteRule ./ /index.php [L]

IT WORKS 100%

But the problem is:

When I update the permalinks, it will rewrite the default rules again.

What is the solution?

Change History (4)

#1 follow-up: @mcmwebsol
10 months ago

Have you tried adding it before the "# BEGIN WordPress" line?
Or you could set .htaccess to be read-only (e.g. 444 permissions).

#2 in reply to: ↑ 1 @ephremfirew
10 months ago

Duplicating the rule will damage the website stylesheets. Blocking with 444 may prevent other security plugin tasks but I will try it.

#3 @SergeyBiryukov
10 months ago

  • Description modified (diff)

#4 in reply to: ↑ description @SergeyBiryukov
10 months ago

  • Keywords reporter-feedback added; needs-patch removed

Hi @ephremfirew, welcome to WordPress Trac! Thanks for the report.

Protecting my wordpress admin directory using CPANEL Directory privacy feature doesn't work.

Could you clarify the exact issue with that feature and provide the steps to reproduce it?

Replaced with this by adding another / after Dot:

RewriteRule ./ /index.php [L]

What's the purpose of that change? As you've noticed, any changes inside # BEGIN WordPress ... # END WordPress can be overwritten. If you need custom rewrite rules, they should be added outside of that block.

Note: See TracTickets for help on using tickets.