I have the following .htaccess file for my CakePHP 2 website.
I put this under the webroot folder.
Every day some bots try to log in to my site as if it were a WordPress site. So I need to restrict some file names (wp-login.php) or some directories like Administrator or Cache.
- But when I go to example.com/wp-login.php I get the CakePHP exception page “Error: An Internal Error Has Occurred.”
- When I uncomment “directory /administrator” or “directory/cache”, every page gives a 403 error.
How can I restrict access to those files and folders?
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order allow,Deny
Deny from all
</FilesMatch>
<Files wp-login.php>
Order allow,deny
Deny from all
</Files>
#<Directory /Administrator>
# Order allow,deny
# Deny from all
#</Directory>
#<Directory /Cache>
# Order allow,deny
# Deny from all
#</Directory>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
#set file cache maximum age in seconds
<ifmodule mod_headers.c>
<filesmatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf)$">
Header set Cache-Control "max-age=518400, public"
</filesmatch>
<filesmatch "\.(js|css)$">
Header set Cache-Control "max-age=604800, public"
</filesmatch>
</ifmodule>
# gzip files
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_include mime ^application/javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
# gzip files
<ifModule mod_deflate.c>
<filesMatch "\.(css|js|x?html?|php)$">
SetOutputFilter DEFLATE
</filesMatch>
</ifModule>
Edit: I changed the redirection code to this. The directory problem is solved, but the CakePHP-style Internal Server Error exception still exists.
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order allow,Deny
Deny from all
</FilesMatch>
<Files "wp-login.php">
Order allow,deny
Deny from all
</Files>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteRule ^/?(administrator|cache|undefined) - [L,F,NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
You can’t use the <Directory> blocks inside an htaccess file. I’m not sure why you get a 500 error for wp-login.php, but you need to add some quotes to the declaration:
You can place individual htaccess files in the Administrator and Cache directories that are just:
Or you can use something like a rewrite rule:
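One way to combine the rewrite-rule approach from the answer with the question's front-controller rules, as an added example (not the answerer's or the asker's code). It assumes Apache 2.4 with mod_rewrite and mod_authz_core, a .htaccess placed in the CakePHP webroot, and that no legitimate route starts with administrator/ or cache/; the anchored patterns are this example's own choice.

```apache
# Added example, constructed for illustration.

# Deny sensitive file types outright. "Require all denied" is the
# Apache 2.4 form; the question's "Order allow,deny / Deny from all"
# is the 2.2 form and needs mod_access_compat on 2.4.
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
    Require all denied
</FilesMatch>

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Canonical host redirect, unchanged from the question.
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

    # Refuse probe paths before the front-controller rule can claim them.
    # In .htaccess context the pattern is matched without a leading slash.
    # (/|$) keeps "cache" from also matching a path such as "cached-report".
    RewriteRule ^wp-login\.php$ - [F,NC]
    RewriteRule ^(administrator|cache)(/|$) - [F,NC]

    # CakePHP front controller: anything that is not a real file or
    # directory is handed to index.php.
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
```

Because the [F] rules come before the index.php rule, a request for wp-login.php or anything under administrator/ or cache/ is answered with 403 Forbidden by mod_rewrite and never reaches the CakePHP dispatcher.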