Rules in .htaccess only if the requested URL is /wp-admin

Try something like this instead:

<If "%{THE_REQUEST} !~ m#\s/wp-admin#">
Header add Content-Security-Policy "default-src 'self';"
Header add Content-Security-Policy "script-src 'self';"
</If>

This should set the two headers only when the requested URL does not start with /wp-admin.

The check is against THE_REQUEST (as opposed to REQUEST_URI) since REQUEST_URI changes when the URL is rewritten by the WordPress front-controller. THE_REQUEST is the first line of the request headers (a string of the form GET /wp-admin/something HTTP/1.1) and does not change when the request is rewritten.

Maybe it would be nice if a loggedin user is on the website that the lines also not be executed.
(I need to do it with htaccess.)

You can’t reliably do this with .htaccess. In .htaccess you can only determine whether the authentication cookie is set, not whether it is set correctly.

Related Posts:

  1. Improve wordpress security by hiding non public resources
  2. Does this .htaccess security setting really work?
  3. File and directory permissions
  4. Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
  5. WordPress URL/Folder ReWrite using Htaccess
  6. Which WordPress scripts need to be executable for a fresh installation?
  7. Blocking access to wp-login via htaccess not working
  8. Attach to wp-login.php and xmlrpc.php
  9. XMLRPC filtering through htaccess not working
  10. Restricting user login by IP address
  11. WordPress: Adding Security
  12. How do I test to ensure that my wp-config file is protected?
  13. WordPress not seeing .htaccess rules
  14. Disable directory browsing of uploads folder
  15. Strange behaviour of is_user_logged_in() and get_current_user_id()
  16. Selectively Disabling PHP via .htaccess in Root Directory
  17. Should I prevent access to .htaccess and wp-config.php files?
  18. Blocking wp-login in HTACCESS has also blocked password protected pages
  19. Basic Auth .htaccess on wp-login, but allow logout from woocommerce
  20. Using htaccess to prevent spam through wp-comments-post.php
  21. How can I create a private site that is inaccessible from the outside?
  22. Restrict Content for only Contributors via .htaccess
  23. Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
  24. WordPress site hacked. Has .htaccess been hacked?
  25. htaccess https redirect from www to non-www
  26. .htaccess and 500 error, extra character added
  27. Place static HTML files in path below WordPress page
  28. htaccess rewrite for author query string when WP is in subfolder
  29. Why “Settings->Permalinks” creates .htaccess file on nginx server?
  30. .htaccess for wordpress inside another wordpress install
  31. Rewrite /?rest_route=/ link to /wp-json/ without changing default permalink structure in apache
  32. Globally force SSL on all pages
  33. Isolating WordPress to a subfolder
  34. Correct htaccess to display page while also passing in GET parameters
  35. What is the role of .htaccess file in WordPress?
  36. Block access to wp-admin
  37. How have I misconfigured basic auth for my wordpress site?
  38. WordPress trims off the forward slash when import
  39. WordPress best solution shared theme for consumers and businesses (two url’s one instaltion)
  40. Redirect main domain to subdirectory
  41. Remove special characters in a URL
  42. How do I edit the htaccess file to optimize my website?
  43. Should I add the IP of the server that hosts my sites to the list of authorized IPs in the wp-admin/.htaccess?
  44. Block only external access to wp-cron.php on OpenLiteSpeed
  45. Removing code added to htaccess with insert_with_markers
  46. Site searches by Python for non-existent assets
  47. WordPress 404 on Subdomain
  48. Can’t Access Subdirectory
  49. How to ignore folder in site root while accessing a URL
  50. HTTP sitewide, except for: wp-admin, and 2 custom directories
  51. WordPress installed in root, need second in subdirectory with different domain
  52. htaccess has broken my site
  53. What to write in the htaccess in order to detect browser language and point accordingly?
  54. Only Allow Front End Access
  55. .htacess rewrite condition: page to seconddomain/page
  56. Separate 404 page for WordPress in subfolder
  57. Weird behavior of Dashboard, must be core files
  58. Remove trailing slash after .html extension
  59. Need help rebuilding lost htaccess file
  60. I have a page using a pretty url and a mod_rewrite rule matching it. I expected it to give an error but it’s working. Why?
  61. How do I setup htaccess for 301 redirects, post Joomla to WordPress migration? [closed]
  62. How to rename index.php to home.php
  63. Hide a subdirectory on my website hosting
  64. Can’t access WP site over WiFi network
  65. Creating a copy of a website in a subdirectory, wp-admin redirect problem
  66. disable WordPress 404 for one specific page/folder to receive actual php errors
  67. Troll the hackers by redirecting them
  68. .htpasswd asking for authentication on home page
  69. WordPress login fail after .htaccess domain redirect
  70. Redirect to new domain with .htaccess [closed]
  71. I am new in word pres my font awesome is not allow
  72. Access sub-domain when root public_html is protected with .htaccess password
  73. Redirect https://www.subdomain.domain.com is not redirecting to subdomain.website.com [closed]
  74. htaccess redirect throws an error: PHP Catchable fatal error: Object of class WP_Error could not be converted to string
  75. Can’t access htaccess [closed]
  76. .htaccess redirect not properly working [ ?utm_source=]
  77. hide theme files for admin beneath root
  78. Why my WordPress Site Asking for HTTP Authentication?
  79. Iterating users while user iteration is suppressed
  80. htaccess redirects invalid request to home page not 404
  81. Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
  82. WordPress How to rewrite URL for custom pages
  83. Downloading zip or tar.gz inside WordPress installation?
  84. WordPress permalinks is wrong. It wants me to change my htaccess file. But then site crashes
  85. How to move wordpress website from hosting account to localhost
  86. Clicking PUBLISH Now Redirects to 404 PAGE NOT FOUND
  87. Unable to find ‘full-path’ to my 404.php file
  88. Use htaccess to redirect wordpress non-existent page to homepage
  89. WordPress RSS feed to external XML
  90. Does htaccess password keep search engines out?
  91. Need to edit htaccess while moving on WordPress
  92. block seacrh engines for all pages EXCEPT homepage
  93. Issue after changing permalink structure [duplicate]
  94. My WP site and password was hacked, what to do? [closed]
  95. rewrite rule on plugin activation
  96. Url redirection using htacess for my website
  97. htaccess – Server Subdirectory With Different Name Than URL Subdirectory
  98. WordPress redirection
  99. Home page returns 404
  100. Browser Caching .htaccess