{"id":2239,"date":"2011-01-03T17:05:01","date_gmt":"2011-01-04T00:05:01","guid":{"rendered":"http:\/\/www.ait-pro.com\/aitpro-blog\/?p=2239"},"modified":"2011-04-26T13:35:49","modified_gmt":"2011-04-26T20:35:49","slug":"adding-a-custom-403-forbidden-page-htaccess-403-errordocument-directive-examples","status":"publish","type":"post","link":"https:\/\/www.ait-pro.com\/aitpro-blog\/2239\/bulletproof-security-plugin-support\/adding-a-custom-403-forbidden-page-htaccess-403-errordocument-directive-examples\/","title":{"rendered":"Adding a Custom 403 Forbidden Page – htaccess 403 ErrorDocument Directive Examples"},"content":{"rendered":"

Open the secure.htaccess file in the BPS File Editor and add this Apache ErrorDocument Directive.\u00a0 You can also add this to your currently active root htaccess file as well so that you do not have to reactivate BulletProof Security Mode for the root folder.\u00a0 It does not matter where you put the ErrorDocument directive\u00a0in\u00a0your htaccess files because it is a matching condition or rule.\u00a0 So this means that it only comes into play if one of the filters triggers a Forbidden activity or action.\u00a0 I have included the ErrorDocument directive in the htaccess file example below near the top of the htaccess file just to keep it simple and visually logical.\u00a0 The example below shows that the ErrorDocument 403\u00a0 directive has been added after Options -Indexes near the top of the secure.htaccess file.<\/p>\n

BPS .45.8 includes the ErrorDocument htaccess code (commented out until you uncomment it to “turn it on”) and the ait-pro.com forbidden.html file is in the \/plugins\/bulletproof-security\/ folder.\u00a0 Download and\u00a0customize the\u00a0forbidden.html file for your website\u00a0and\u00a0upload\u00a0it to\u00a0your correct website folder.\u00a0 In BPS .45.9 this will be a one click feature, but for now it is manual.<\/strong>\u00a0 <\/span><\/p>\n

If you want to use the Forbidden HTML page that AIT-pro.com is using\u00a0as a starting point and customize it for your website > Download the AITpro forbidden.html file<\/a><\/span> > or you can just create your own from scratch.\u00a0 Upload the AITpro or your own forbidden.html file to your website.\u00a0 If your WordPress installation is in the root folder then you can upload the file there.\u00a0 It does not really matter where the forbidden.html is uploaded to your server \/ website as long as the path matches for the ErrorDocument 403 \/ directive.<\/p>\n

# AddHandler application\/x-httpd-php5 .php\r\n# AddHandler cgi-php5 .php\r\n\r\nOptions -Indexes\r\n\r\nErrorDocument 403 \/forbidden.html\r\n\r\n# BEGIN WordPress\r\nRewriteEngine On\r\nRewriteBase \/<\/pre>\n
ErrorDocument 403 \/ Various Examples and Scenarios<\/span><\/h2>\n
If you only have one WordPress installation and if your WordPress installation was in a subfolder called \/your-blog-folder, then it would probably be best to upload the forbidden.html file to that folder and add that folder name to path to the forbidden.html file.<\/p>\n
ErrorDocument 403 \/your-blog-folder\/forbidden.html<\/span><\/strong><\/p>\n
Let’s say you have several WordPress installations \/ websites in several different folders on your website domain and you only wanted to have one\u00a0403 Forbidden file for all of them.\u00a0 For the example I will use AIT-pro.com with some made up folder names where WordPress is hypothetically installed.\u00a0 The folder names are \/WP1, \/WP2 and \/WP3.\u00a0 In my example I have the forbidden.html file uploaded to my root folder so that means I do not need to add any folder names.\u00a0 The ErrorDocument directive is a literal rule and will only look where you tell it to look.\u00a0 This ErrorDocument directive then works for all of the WordPress installations as long as you add this to each of their htaccess files.\u00a0 You could also be handling all of your WordPress installations from one htaccess file, but that is beyond the scope of how BPS is set up by default.<\/p>\n
ErrorDocument 403 \/forbidden.html<\/span><\/strong><\/p>\n
Another possibility is to have separate and unique forbidden.html files for each of your WordPress sites.\u00a0 This would make sense if your sites were about different things and had a completely different look, etc, etc.\u00a0 In that case you would just put the unique forbidden.html files where you want them and then tell the ErrorDocument 403 directive where to look in each website’s htaccess files.<\/p>\n
For WordPress installation \/WP1\u00a0you could have this ErrorDocument 403 directive in that site’s root htaccess file, which would be in the \/WP1 folder (\/WP1\/.htaccess) and the rest of the other sites would be following this same\u00a0example:<\/p>\n
ErrorDocument 403 \/WP1\/forbidden.html<\/span><\/strong><\/p>\n
If you want to add a 404 ErrorDocument Directive to your BPS root .htaccess file you would add the name of your specific Theme’s 404 template as shown below.\u00a0 The example is using a Theme file template named 404.php.\u00a0 This is a common naming convention for a 404 template file, but your particular Theme’s 404 template may be named something else.\u00a0 Check in your Theme’s folder for the exact name of the 404 template that your Theme uses.<\/p>\n
ErrorDocument 403 \/forbidden.html
\nErrorDocument 404 \/404.php<\/p>\n","protected":false},"excerpt":{"rendered":"
Open the secure.htaccess file in the BPS File Editor and add this Apache ErrorDocument Directive.\u00a0 You can also add this to your currently active root htaccess file as well so that you do not have to reactivate BulletProof Security Mode for the root folder.\u00a0 It does not matter where you put the ErrorDocument directive\u00a0in\u00a0your htaccess […]<\/p>\n","protected":false},"author":167,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[33],"tags":[331,329,332,330],"class_list":["post-2239","post","type-post","status-publish","format-standard","hentry","category-bulletproof-security-plugin-support","tag-403-html-page","tag-custom-403-forbidden-page","tag-custom-html-403-forbidden-page","tag-htaccess-403-errordocument"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/posts\/2239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/users\/167"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/comments?post=2239"}],"version-history":[{"count":0,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/posts\/2239\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/media?parent=2239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/categories?post=2239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ait-pro.com\/aitpro-blog\/wp-json\/wp\/v2\/tags?post=2239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}