I'm not sure if this is specific to my site or not, but if anyone knows how to override this behavior, that would be most appreciated! I have WordPress installed in the root directory of my server. There is also an unrelated sub-directory we'll call 'restricted-dir'. I have added an .htaccess file inside that directory with the following code:
Deny from all
Without that command, if a user visits www.my-domain/restricted-dir/ it would list all contents. I would like the user to receive the server's typical 403 Forbidden message, but instead WordPress kicks in and directs the user to my 404 page on my website.
Is there anything I can do to make the 403 page show up instead of the 404 page along with my entire WordPress install?
I'm not sure if this is specific to my site or not, but if anyone knows how to override this behavior, that would be most appreciated! I have WordPress installed in the root directory of my server. There is also an unrelated sub-directory we'll call 'restricted-dir'. I have added an .htaccess file inside that directory with the following code:
Deny from all
Without that command, if a user visits www.my-domain/restricted-dir/ it would list all contents. I would like the user to receive the server's typical 403 Forbidden message, but instead WordPress kicks in and directs the user to my 404 page on my website.
Is there anything I can do to make the 403 page show up instead of the 404 page along with my entire WordPress install?
Share Improve this question asked Oct 30, 2017 at 18:34 EricaErica 1715 bronze badges 3 |2 Answers
Reset to default 0Thinking on it for a minute, I suppose it has something to do with the rewrite rules from the WP .htacces is kicking in and rewriting the request to WP. It doesn't totally make sense to me, because WP's rewrite rules actually ignore directories, and I cannot reproduce it with a quick test, but there might be other factors at play in your environment.
Adding
RewriteEngine On
RewriteRule ^restricted-dir - [F,L]
in the WP .htaccess before the WordPress Rewrite Rules should have the same result, denying access to restricted-dir with a 403 response.
This question is old but in case anyone else comes across with the same problem, I found the answer in this ticket:
https://wordpress.stackexchange/a/20274/31889
(For me solution #3 was the ticket, but I also have the first two in place so maybe it was a combination.)
Require all denied, see also the upgrade guide. – janh Commented Oct 30, 2017 at 18:39