If this is happening on a regular basis, your security plugins appear to be failing. Below are several steps you can take to prevent this: Start by using a really good security plugin like Wordfence Security. I haven’t had a successful hacking incident since I started using this. If that fails, or you just want … Read more
From your comment: Those htaccess changes don’t happen as a result of an add_action. Perhaps they should? Yes, they should. And here’s why insert_with_markers() calls switch_to_locale() which uses $GLOBALS[‘wp_locale_switcher’] (or $wp_locale_switcher) which is initialized in wp-settings.php, but only after WordPress runs the setup_theme hook. And looking at the error in question and line #1582 in … Read more
As long as a plugin is blocking excess login attempts, then I am not sure that additional protection is needed. The plugin should be protecting against the attempts at credential guessing. There will always be login attempts on sites, even if they aren’t WP sites. You could look at your access logs (filtering by a … Read more
There are a few points to share because I could foresee that the comment will be very long and I post some suggestion here for reference and hopefully could fix it up. 1st point about the rewrite $newrules[‘/(\d*)$’] = ‘index.php?city=$matches[1]’; I guess you expect to use a url like https://example.com/new_york/ to the path so city … Read more
http://www.example.com/ar/shop-listing/health-beauty~@/#$&&&%%$%3Cscript%3E/ In this particular URL, everything after the # (hash) is the fragment identifier and is not sent to the server by the browser, so cannot be blocked server-side in .htaccess. The server only sees: /ar/shop-listing/health-beauty~@/ If the # was to be removed from this URL then this would be a wholly invalid URL (because … Read more
From the two .htaccess files you posted I can’t see how your site is working at all?! If you request example.com/ (the document root) then the second rule in the root .htaccess file rewrites the request directly to /subdirectory/index.html (not index.php). If /subdirectory/index.html exists then the (non-WordPress) file is served, otherwise see #2 If you … Read more
I’d like to redirect in ht.access To clarify, it’s .htaccess, not ht.access. You can do something like the following at the top of the .htaccess file, before the existing WordPress directvies: RewriteRule (.*/)page/\d+/?$ /$1 [R=302,L] The above issues a 302 (temporary) redirect for any URL of the form /<something>/page/<number>/ (trailing slash optional) to /<something>/. The … Read more
I’ve found a solution. The WordPress made from AWS Lightsail instance image is bitnami WordPress. And the bitnami WordPress is disabled Basic Authentication as default. So it needs some modification on /opt/bitnami/apps/WordPress/conf/httpd-app.conf to enable Basic Authentication. This modification is adding 3 lines below. RewriteEngine on RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^(.*) – [E=HTTP_AUTHORIZATION:%1] The httpd-app.conf ended … Read more
RewriteCond %{HTTP_HOST} ^example\.me [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.me/$1 [R,L] You’ve not stated where exactly you are adding these rules in your .htaccess file(s). The order is important. These directives need to go at the top of the .htaccess file, before the WordPress front-controller, otherwise they won’t redirect anything other than static resources. This … Read more
Sure this is not a problem. As long as you site works and redirects to the right pages there is no harm in doing this. You might also want to use it for protecting your wp-config file from hackers by adding this to your .htaccess: <Files wp-config.php> Order Allow,Deny Deny from all </Files> Good luck … Read more