Title: Exclude wordpress redirect block. Last modified: August 22, 2016 --- # Exclude wordpress redirect block. * Resolved [larnellc](https://wordpress.org/support/users/larnellc/) * (@larnellc) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/) * When I create a secure htaccess file, how do I exclude the wordpress redirect block? I inherited a wordpress install which has the htaccess file in a directory about the wordpress directory. I can use your plugin to secure the site but I’ve discovered having the wordpress redirect lines in both htaccess files creates a conflict. * The lines I’m referring to are: * ``` # WP REWRITE LOOP START RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^wp-admin$ wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^(wp-(content|admin|includes).*) $1 [L] RewriteRule ^(.*\.php)$ wp/$1 [L] RewriteRule . index.php [L] ``` * The error I get when this block is in both the root htaccess and the /wordpress access is. * > Request exceeded the limit of 10 internal redirects due to probable configuration > error. Use ‘LimitInternalRecursion’ to increase the limit if necessary. Use‘ > LogLevel debug’ to get a backtrace. * Thanks * [https://wordpress.org/plugins/bulletproof-security/](https://wordpress.org/plugins/bulletproof-security/) Viewing 15 replies - 1 through 15 (of 20 total) 1 [2](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/page/2/?output_format=md) [→](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/page/2/?output_format=md) * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5217887) * This is not a valid RewriteRule: `RewriteRule ^(.*\.php)$ wp/$1 [L]` The standard. htaccess code for a WordPress Network Subdomain site is below. Did you make this modification to the RewriteRule? * Normally if each website has its own .htaccess file then it will follow the rules in it’s .htaccess file. I need to know all the details of what each site type is and their folder structure relative to each other and whether you clicked the correct AutoMagic buttons for each website. * [http://codex.wordpress.org/htaccess#Multisite](http://codex.wordpress.org/htaccess#Multisite) * ``` RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^wp-admin$ wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^(wp-(content|admin|includes).*) $1 [L] RewriteRule ^(.*\.php)$ $1 [L] RewriteRule . index.php [L] ``` * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5217990) * Hmm interesting. There are 2 different versions of this code for WordPress 3.5 + * this link shows the code using wp/ [http://codex.wordpress.org/Multisite_Network_Administration#.htaccess_and_Mod_Rewrite](http://codex.wordpress.org/Multisite_Network_Administration#.htaccess_and_Mod_Rewrite) * and this link shows the code without wp/ [http://codex.wordpress.org/htaccess#Multisite](http://codex.wordpress.org/htaccess#Multisite) * I will need to check with the WP folks to find out which is the correct code. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218003) * **Impact: Network/Multisite subdomain .htaccess code/websites.** * Either we screwed up originally and misinterpreted the WordPress Network/Multisite subdomain writing .htaccess code in /wp-admin/network.php or something changed since we originally created that code and we screwed up by not changing the Network/ Multisite writing code in BPS. Either way we screwed up. * We are fixing the Network/Multisite subdomain .htaccess writing code right now in BPS .50.7 and will have the new version of BPS .50.7 released ASAP. * **Workaround until a new version of BPS is released:** 1. Go the Network Admin Panel/Dashboard. 2. Click on Settings >>> Network Setup 3. Copy the .htaccess code that you see under “2. Add the following to your .htaccess file in…” to a Notepad or Notepad++ text file on your computer (do NOT use Word or WordPad). 4. Go to your Primary site Dashboard. 5. Go to the BPS htaccess Core >>> htaccess File Editor tab page and unlock your root htaccess file if it is currently locked. 6. Click on the “Your Current Root htaccess File” tab and scroll down in the contents of your root .htaccess file until you see this htaccess code/text: # WP REWRITE LOOP START * Replace the .htaccess code that looks similar to this code below with the similar code you copied to the Notepad text file on your computer: * ``` RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^wp-admin$ wp-admin/ [R=301,L] ``` * 7. Scroll down further in the root .htaccess file contents until you come to code that looks similar to this code below. Replace the .htaccess code that looks similar to this code below with the similar code you copied to the Notepad text file on your computer: * ``` RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^(wp-(content|admin|includes).*) $1 [L] RewriteRule ^(.*\.php)$ $1 [L] RewriteRule . index.php [L] ``` * 8. Click the Update File button to save your changes/edits. 9. Make a backup of your root .htaccess file. * **Note: Do not use the AutoMagic buttons again until BPS .50.7 is released, which will be very soon.** * Thread Starter [larnellc](https://wordpress.org/support/users/larnellc/) * (@larnellc) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218054) * Thanks for looking at this for me. I still think my problem is that the rules are duplicated between two htaccess files. * One is located in the true, server root of my install. > /.htaccess * The rules are then automatically generated with BPS and located in > /wordpress/. htaccess * When I comment out only the wordpress the rules out of the second location >/ wordpress/.htaccess I no longer get the redirect error. * My site was multisite but currently I only have one url, and one site running from the /wordpress/ install path. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218056) * Do you have a GWIOD Network Subdomain site type or are you saying you have 2 separate WordPress installations in 2 separate folders? * GWIOD = Giving WordPress It’s Own Directory: [http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory](http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory) * A GWIOD site type is supposed to have 2 .htaccess files. 1 in the site root folder and 1 in the wordpress installation folder. * Example of the site root .htaccess file if the WordPress site is a GWIOD Network Subdomain site and WordPress is installed in a folder named “/wordpress”. What is important to note is that the RewriteBase is still just “/” but the RewriteRules are /wordpress. * ``` RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^wp-admin$ wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^(wp-(content|admin|includes).*) wordpress/$1 [L] RewriteRule ^(.*\.php)$ wordpress/$1 [L] RewriteRule . index.php [L] ``` * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218057) * The Default .htaccess file for a GWIOD Network Subdomain site in the WordPress installation folder would look this if WordPress was installed in a folder named“/ wordpress”. Note that the only difference is that the RewriteBase is /wordpress/. The $1 and $2 backreferences are dynamically created (once we fix the bug in BPS), but for this example I am using backreference $1. * ``` RewriteEngine On RewriteBase /wordpress/ RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^wp-admin$ wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^(wp-(content|admin|includes).*) wordpress/$1 [L] RewriteRule ^(.*\.php)$ wordpress/$1 [L] RewriteRule . index.php [L] ``` * Thread Starter [larnellc](https://wordpress.org/support/users/larnellc/) * (@larnellc) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218058) * WordPress has it’s own folder. So yes I do have a GWIOD Network Subdomain type setup. I do have an htaccess in both paths /.htaccess and /wordpress/.htaccess * Again I eliminate the redirect error mentioned earlier when I comment out the wordpress rules. Are the rules supposed to be in each htaccess with this type of setup? * My /.htaccess looks exactly like the last code you posted. * ``` RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^wp-admin$ wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^(wp-(content|admin|includes).*) wordpress/$1 [L] RewriteRule ^(.*\.php)$ wordpress/$1 [L] RewriteRule . index.php [L] ``` * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218059) * htaccess files are hierarchical/recursive and WordPress GWIOD Network sites types can be run with only 1 .htaccess file in the site root folder, BUT if you want to have BPS .htaccess security code used/applied on this website you have 2 choices. * You can either manually copy the root .htaccess file from your /wordpress installation folder and paste it into your site root .htaccess file and make the RewriteBase and RewriteRule changes/edits. This means that you cannot use AutoMagic or other htaccess editing tools in BPS since you are doing a manual move of the .htaccess file. * or * using the natural/normal hierarchical/recursive capabilities of .htaccess files you would use 2 .htaccess files. The WordPress installation folder will follow the rules in it’s .htaccess file and not the site root parent .htaccess file. In other words, you can have 2 almost identical .htaccess files except for having a different RewriteBase and everything will work correctly. All the security and tools in BPS will work correctly. * If you are getting an infinite redirect loop then the .htaccess code is not correct for the each .htaccess file. check the RewriteBase’s, RewriteRule’s and also check that you do not have some invalid/incorrect redirect code somewhere in any of your .htaccess files. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218060) * There is another case where infinite redirect loops will occur. * If your server or something else that you have installed on your website is handling error logging or your server does not allow error logging from an .htaccess file using the ErrorDocument directive then you should turn off BPS Security Logging because when an error occurs it will be redirected in an infinite loop if either your server is already handling error logging or does not allow the ErrorDocument directive or if something else is already handling error logging. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218061) * Also it is important to note the with ALL GWIOD site types the site root .htaccess file does not need any BPS security code in it if your wordpress installation folder .htaccess file (the BPS root .htaccess file) has security code in it. The site root .htaccess file for ALL GWIOD site types should be using the default WordPress GWIOD rewrite .htaccess code/file. * Thread Starter [larnellc](https://wordpress.org/support/users/larnellc/) * (@larnellc) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218063) * I can triple check the rules are correct for their location but honestly, I would like to continue to exclude the wordpress rules from the /wordpress/.htaccess while preserving BPS rules. * Could a future update include some sort of option for this configuration? I tried placing the wordpress rules in the custom code section and it doesn’t save the changes. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218065) * I don’t think we will ever mess with the site root .htaccess file for GWIOD sites. By default WordPress creates the site root .htaccess file exactly as it should be created so there is really no reason to mess with that site root .htaccess file. * Minus the bugs that we need to fix in BPS the current configuration works fine for Network sites and Network GWIOD sites. The site root .htaccess file should be a default WordPress generated/created .htaccess file as it is and the BPS root .htaccess file in the WordPress installation folder contains all the website’s security rules which are applied in and from the parent folder to all child folders below the parent folder. * You tried to copy what code where in Custom Code? I would need exact details of what you did / are doing. If you are copying the correct code to the correct Custom Code text box then are you doing the rest of the Custom Code steps? save it, create new master files with automagic and activate root folder bulletproof mode again? * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218066) * I think I know what you are trying to do which is to copy this code below to Custom Code. You cannot do that (that code is not allowed to be added to Custom Code and is automatically stripped out if someone tries to add it to prevent catastrophic website problems) and will have to edit your root .htaccess file directly with the BPS htaccess File Editor until we release a new version of BPS with the bugs fixed. The BPS update will automatically correct this code if it is incorrect during the BPS upgrade. * ``` RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^(wp-(content|admin|includes).*) wordpress/$1 [L] RewriteRule ^(.*\.php)$ wordpress/$1 [L] RewriteRule . index.php [L] ``` * Thread Starter [larnellc](https://wordpress.org/support/users/larnellc/) * (@larnellc) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218067) * Again, thanks so much. I look forward to next update. I appreciate you looking into this and providing such detailed responses. I am on shared hosting with Dreamhost and they were NOT helpful in determining the cause of my redirects. I could have saved a lot of time if there were tools available to users on shared hosting for troubleshoot this kind of situation. I did turn off security logging in BPS and that was not the cause of my redirects. * Your work helps take the mystery out of apache htaccess rules while keeping my site secure. I was able to use your forum to troubleshoot a variety of issues before this tread. Your post on example post on 301 redirects was especially helpful. Currently I have basic BPS, I’ll be upgrading to pro with your next patch. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/#post-5218068) * Very welcome! * Yep, we feel it is actually much more important to explain how stuff works vs“ push button A”, so that folks understand what is going on and have control of things vs feeling overwhelmed or confused. confusion sucks. Viewing 15 replies - 1 through 15 (of 20 total) 1 [2](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/page/2/?output_format=md) [→](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/page/2/?output_format=md) The topic ‘Exclude wordpress redirect block.’ is closed to new replies. * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938) * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/) * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/) * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/) * 20 replies * 2 participants * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/) * Last activity: [11 years, 9 months ago](https://wordpress.org/support/topic/exclude-wordpress-redirect-block/page/2/#post-5218161) * Status: resolved