Rules in .htaccess only if the requested URL is /wp-admin

Try something like this instead:

<If "%{THE_REQUEST} !~ m#\s/wp-admin#">
Header add Content-Security-Policy "default-src 'self';"
Header add Content-Security-Policy "script-src 'self';"
</If>

This should set the two headers only when the requested URL does not start with /wp-admin.

The check is against THE_REQUEST (as opposed to REQUEST_URI) since REQUEST_URI changes when the URL is rewritten by the WordPress front-controller. THE_REQUEST is the first line of the request headers (a string of the form GET /wp-admin/something HTTP/1.1) and does not change when the request is rewritten.

Maybe it would be nice if a loggedin user is on the website that the lines also not be executed.
(I need to do it with htaccess.)

You can’t reliably do this with .htaccess. In .htaccess you can only determine whether the authentication cookie is set, not whether it is set correctly.

Related Posts:

  1. Improve wordpress security by hiding non public resources
  2. Does this .htaccess security setting really work?
  3. File and directory permissions
  4. Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
  5. WordPress URL/Folder ReWrite using Htaccess
  6. Which WordPress scripts need to be executable for a fresh installation?
  7. Blocking access to wp-login via htaccess not working
  8. Attach to wp-login.php and xmlrpc.php
  9. XMLRPC filtering through htaccess not working
  10. Restricting user login by IP address
  11. WordPress: Adding Security
  12. How do I test to ensure that my wp-config file is protected?
  13. WordPress not seeing .htaccess rules
  14. Disable directory browsing of uploads folder
  15. Strange behaviour of is_user_logged_in() and get_current_user_id()
  16. Selectively Disabling PHP via .htaccess in Root Directory
  17. Should I prevent access to .htaccess and wp-config.php files?
  18. Blocking wp-login in HTACCESS has also blocked password protected pages
  19. Basic Auth .htaccess on wp-login, but allow logout from woocommerce
  20. Using htaccess to prevent spam through wp-comments-post.php
  21. How can I create a private site that is inaccessible from the outside?
  22. Restrict Content for only Contributors via .htaccess
  23. Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
  24. Security headers disappear on WordPress pages
  25. Why is this line of code Wrong in every WordPress .Htaccess security article?
  26. How to redirect all HTTP requests to HTTPS
  27. Best collection of code for your .htaccess file [closed]
  28. Default .htaccess file for WordPress?
  29. Which one does WordPress prioritize when it comes to php.ini, wp-config and .htaccess?
  30. Security and .htaccess
  31. WordPress site hacked. Has .htaccess been hacked?
  32. htaccess problem after saving Settings
  33. Protecting direct access to PDF and ZIP unless user logged in (without plugin)
  34. Stop WordPress and Plugins from Overwriting .htaccess
  35. Change Login URL Without Plugin
  36. htaccess disable WordPress rewrite rules for folder and its contents
  37. htaccess rewrite conflict with wordpress rules and ssl
  38. htaccess https redirect from www to non-www
  39. What does a security risk in a plugin look like?
  40. Htaccess for Wordpess set on single subdomain
  41. Securing wp-admin folder – Purpose? Importance?
  42. adding rewrite rules in .htaccess
  43. .htaccess and 500 error, extra character added
  44. Name-based virtual host configuration in Apache seems to cause a “500 Internal Server Error”
  45. Place static HTML files in path below WordPress page
  46. Static raw HTML page
  47. WordPress + Magento .htaccess ReWriteRule Issue (www vs. non-www)
  48. Plugin to edit htaccess file
  49. htaccess rewrite for author query string when WP is in subfolder
  50. Why “Settings->Permalinks” creates .htaccess file on nginx server?
  51. .htaccess for wordpress inside another wordpress install
  52. .htaccess file redirecting to parent directory
  53. Blog.php or how to display recent posts?
  54. Options for restricting access to wp-admin
  55. Rewrite /?rest_route=/ link to /wp-json/ without changing default permalink structure in apache
  56. Globally force SSL on all pages
  57. Serve apache 404 for missing assets rather then wp 404 template WP_Rewrites
  58. Isolating WordPress to a subfolder
  59. Remove year and month in URL using .htaccess
  60. index.php not loading in main folder of wordpress
  61. Admin-Ajax.php, SSL, Non-SSL
  62. How to Block Access to Standard Login Flow and Comment Flow
  63. How disable SSL redirect for specific URL?
  64. WordPress site displaying 404 for any page apart from index
  65. Which ways can be used to log in to WordPress?
  66. Why does the header set X-Robots-Tag apply to all pages?
  67. Permalinks not working on second wordpress installed in a subdirect
  68. How to avoid wordpress permalink rules to inherit in a sub-folder
  69. How to change “wp-admin” to something else without search-replacing the core?
  70. Error:406 not acceptable
  71. Unable to access WP admin
  72. .htaccess Rewrite URL WordPress
  73. Move wordpress to folder without changing urls
  74. Rewrite rule not working
  75. A plugin changes my .htaccess file and I can’t access httpd.conf as that’s a shared server
  76. Cant block wordpress readme files
  77. Change wp-content without changing the name of the folder
  78. 404/500 error on /wp-json
  79. WordPress keeps deleting .htaccess file
  80. Correct htaccess to display page while also passing in GET parameters
  81. What is the role of .htaccess file in WordPress?
  82. Using WordPress only for the backend, and using AngularJS as a frontend
  83. Temporary .htaccess blocking is disabling WP Crons from running?
  84. Block access to wp-admin
  85. How to restrict access to wp-content, wp-includes and all sub-folders
  86. Two domains on one WordPress Installation
  87. .htaccess redirects disappeared after re-saving permalinks
  88. Protect Upload Folder Files With Ampersand Problem
  89. How have I misconfigured basic auth for my wordpress site?
  90. Remove File Extension for Page Outside of WordPress
  91. Is it possible to dynamically redirect URL using htaccess?
  92. How can I code my plugin to safely modify .htaccess?
  93. Prevent users from browsing through the media galleries
  94. .htaccess for wordpress in separate folder
  95. How to modify the .htaccess to force ssl on login and admin pages
  96. WordPress trims off the forward slash when import
  97. WordPress mod_rewrite is canceling/overwriting my other mod_rewrite rule
  98. .htaccess and WordPress Admin Bar
  99. WordPress best solution shared theme for consumers and businesses (two url’s one instaltion)
  100. Keep getting 401 error from WordPress on AWS Lightsail
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)