Follow @BPSPro

Adding a Custom 403 Forbidden Page – htaccess 403 ErrorDocument Directive Examples

1 Comment RSS Site Feed Author: AITpro Admin
Published: January 3, 2011
Updated: April 26, 2011

Open the secure.htaccess file in the BPS File Editor and add this Apache ErrorDocument Directive.  You can also add this to your currently active root htaccess file as well so that you do not have to reactivate BulletProof Security Mode for the root folder.  It does not matter where you put the ErrorDocument directive in your htaccess files because it is a matching condition or rule.  So this means that it only comes into play if one of the filters triggers a Forbidden activity or action.  I have included the ErrorDocument directive in the htaccess file example below near the top of the htaccess file just to keep it simple and visually logical.  The example below shows that the ErrorDocument 403  directive has been added after Options -Indexes near the top of the secure.htaccess file.

BPS .45.8 includes the ErrorDocument htaccess code (commented out until you uncomment it to “turn it on”) and the forbidden.html file is in the /plugins/bulletproof-security/ folder.  Download and customize the forbidden.html file for your website and upload it to your correct website folder.  In BPS .45.9 this will be a one click feature, but for now it is manual. 

If you want to use the Forbidden HTML page that is using as a starting point and customize it for your website > Download the AITpro forbidden.html file > or you can just create your own from scratch.  Upload the AITpro or your own forbidden.html file to your website.  If your WordPress installation is in the root folder then you can upload the file there.  It does not really matter where the forbidden.html is uploaded to your server / website as long as the path matches for the ErrorDocument 403 / directive.

# AddHandler application/x-httpd-php5 .php
# AddHandler cgi-php5 .php

Options -Indexes

ErrorDocument 403 /forbidden.html

# BEGIN WordPress
RewriteEngine On
RewriteBase /

ErrorDocument 403 / Various Examples and Scenarios

If you only have one WordPress installation and if your WordPress installation was in a subfolder called /your-blog-folder, then it would probably be best to upload the forbidden.html file to that folder and add that folder name to path to the forbidden.html file.

ErrorDocument 403 /your-blog-folder/forbidden.html

Let’s say you have several WordPress installations / websites in several different folders on your website domain and you only wanted to have one 403 Forbidden file for all of them.  For the example I will use with some made up folder names where WordPress is hypothetically installed.  The folder names are /WP1, /WP2 and /WP3.  In my example I have the forbidden.html file uploaded to my root folder so that means I do not need to add any folder names.  The ErrorDocument directive is a literal rule and will only look where you tell it to look.  This ErrorDocument directive then works for all of the WordPress installations as long as you add this to each of their htaccess files.  You could also be handling all of your WordPress installations from one htaccess file, but that is beyond the scope of how BPS is set up by default.

ErrorDocument 403 /forbidden.html

Another possibility is to have separate and unique forbidden.html files for each of your WordPress sites.  This would make sense if your sites were about different things and had a completely different look, etc, etc.  In that case you would just put the unique forbidden.html files where you want them and then tell the ErrorDocument 403 directive where to look in each website’s htaccess files.

For WordPress installation /WP1 you could have this ErrorDocument 403 directive in that site’s root htaccess file, which would be in the /WP1 folder (/WP1/.htaccess) and the rest of the other sites would be following this same example:

ErrorDocument 403 /WP1/forbidden.html

If you want to add a 404 ErrorDocument Directive to your BPS root .htaccess file you would add the name of your specific Theme’s 404 template as shown below.  The example is using a Theme file template named 404.php.  This is a common naming convention for a 404 template file, but your particular Theme’s 404 template may be named something else.  Check in your Theme’s folder for the exact name of the 404 template that your Theme uses.

ErrorDocument 403 /forbidden.html
ErrorDocument 404 /404.php

Tags: , , ,

Categories: BulletProof Security Plugin Support

1 Comment to “Adding a Custom 403 Forbidden Page – htaccess 403 ErrorDocument Directive Examples”

  1. […] Adding a Custom 403 Forbidden Page – htaccess 403 ErrorDocument Directive Examples […]

Skip to toolbar