htaccess - Deny php file access but allow a specific folder

0
votes

I have a website paytrics.com

This site is working on Codeigniter. I have written a piece of code in htaccess to block direct access of php files. The code is

Please see this image for htacess code

This is working fine. However, here is my problem. I have installed wordpress inside a folder paytrics.com/blog The pages and posts of blog are opening properly.

But since I have blocked access wp-admin of blog So, when I open http://www.paytrics.com/blog/wp-admin it gives me an error that permission is denied.

How to solve this problem? I want direct access of php files denied in my codeigniter project, but I also need to access Wordpress admin section.

1
phpwordpress.htaccesscodeigniter
Why would you block it? I'd put a password on the folder and rename it to something like /ad-access/. - Michael Vermeulen
I am blocking php files because I noticed people can use upload file hack to upload php files and execute them. So I want php files prevented for execution directly. - Aayush
The good old c99 days. Anyway, if you update wordpress to the latest versions, they won't be able to use scripts like c99. Besides, uninstall any file upload related plug-ins as they are often unsecured. As long as you keep updating wordpress you're good to go. - Michael Vermeulen
Actually I know WP will prevent it. However, WP is in Blog folder installed. This htaccess is for codeigniter project which is in the root directory. - Aayush

1 Answers

0
votes

In WordPress, if you are trying to access /wp-admin page. It actually redirects to /wp-login.php page. Because WordPress authentication and redirects are managed inside /wp-login.php page.

Since you are blocking access to .php files, try to create an alias for the WordPress directory.

Update your host entry to following,

Alias /blog/ /var/www/wordpress_path
<Directory /var/www/wordpress_path/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    allow from all
</Directory>

Then the .htaccess inside your WordPress install should work, then you can login to the backend.

I hope this helps.