The PHP files in the wp-includes directory will do nothing when accessed directly. They are designed to be include()‘d in an existing PHP script, such as on the front-end or in the dashboard. Your Options -Indexes entry in the .htaccess file simply prevents a list of the files in a directory when no index.php is … Read more
About changing the login url, i already did by mysel. It help me protect my site and prevent brute force You can change it in htaccess. But you also need to add the filter to replace old login url in wordpress. Example to my website: File .htaccess: RewriteRule ^signin(.*) wp-login.php?%{QUERY_STRING} In your theme or custom … Read more
Redirection depends on server configuration. You need to add ErrorDocument 401 default to your main .htaccess to prevent redirection. You can refer the article Password-protect-wp-admin for more details
Your site has likely been hacked. My site had the Darkleech infection, which injected some malicious code into wp-includes/nav-menu.php, causing .htaccess to reset to 444 on any page load. I’d recommend you install the Sucuri plugin and let it restore any files that have been corrupted. Assuming your site was hacked, use their Post-Hack tab … Read more
The procedure is thoroughly documented in Codex under Moving a Root install to its own directory. You misunderstand the point about changing URLs in it, and yes the terminology sucks. The only URLs that will change are those that are based on the “WP address”. That would be WordPress core, essentially the admin area. All … Read more
If you place your “custom” directives outside of any # BEGIN … / # END … comment markers then WordPress (and plugins) should not overwrite them when they update. (Of course, if you have plugins that don’t “play nice” then they could do anything to .htaccess if you let them, so you would need to … Read more
For now, this is unsolvable according to Mark Jaquith, as noted here. Q: Does this support WordPress in multisite mode? A: No. Not until WordPress supports WordPress-in-a-subdirectory installation for multisite. If you’re a WordPress hacker who wants to help with that feature, drop me a line
RewriteCond %{REQUEST_FILENAME} -s RewriteRule ^wp-content/uploads/([^/]*\.(pdf|zip))$ filecheck.php?file=$1 [QSA,L] This actually looks OK, except if you have additional subdirectories within the /uploads directory? An alternative is to include an additional condition on the original rule that only rewrites the request if the request ends in .pdf or .zip. For example: RewriteCond %{REQUEST_URI} \.(pdf|zip)$ [NC] RewriteCond %{REQUEST_FILENAME} -s … Read more
I had the axact same problem. My solution: edited/etc/apache2/sites-enabled/000-default.conf. It needs to look like: <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html <Directory /> Options FollowSymLinks AllowOverride all </Directory> <Directory /var/www/> Options FollowSymLinks AllowOverride all Order allow,deny allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> It works!
Ok I figured this out and I am providing answer just for the case that someone else experiences this problem. The problem was in the plugin that was used on the original automatic installation of the WordPress done via Mojo Marketplace. The name of the plugin was Endurance PHP Edge and it was not in … Read more