Password protecting a directory with .htaccess and wordpress

I’ve come across this problem a number of times, of course each time I think “this will be fixed next time”.  Unfortunately it’s not the case.  What’s the problem then?

You have a directory that you want to password protect, let’s call it “secrets”.  It resides in /home/mysite/public_html/secrets/ on the server.  Now fortunately you are using a hosting control panel like cPanel and you’ve password protected directories before (if not then have a hunt on this site or on Google!).

Before you activate the protection you can view the contents fine, so you activate protection – driven by a .htaccess file… and then rather than being asked for your username and password, you get a 404 or a 403 message from wordpress “Sorry the page you are looking for cannot be found”.

Intrepid system administrators hunt through error logs, and sure enough the access log is recording a 404… however the error log is recording something different.

Permission denied: /home/mysite/public_html/secret/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

This error message has had a number of solutions in the past, including the infamous “reinstall frontpage extensions”, except these are long gone – not supported and never will be again, please don’t go installing them just to get past this problem! – It will end in tears.

Instead you just need to add a couple of lines to the WordPress .htaccess file in the root of your site (e.g. /home/mysite/public_html/.htaccess). Go to the file and, just before the main WordPress part (# BEGIN WordPress), add the following:

ErrorDocument 401 /%{REQUEST_URI}/errors.html
ErrorDocument 403 /%{REQUEST_URI}/errors.html

This should set the site to working, now why does this work?

Simply put, WordPress is often run with a pretty URL mode (permalinks), where the addresses for posts are made to look prettier.  When you request your secret directory the server tries to access it, looks at the .htaccess file and promptly tries to do a redirect, which invariably ends up at a page WordPress cannot access. This doesn’t happen without the .htaccess, as WordPress allows access to existing real files, but the htaccess security says the file doesn’t exist until the password is entered, and so the request is intercepted.

It’s all a bit confusing, but adding these lines essentially means WordPress can get out of the way when those errors occur. 401 and 403 are the authorisation required and failure codes, so WordPress will ignore them and the htaccess can safely challenge you.
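To confirm the fix took effect, check that the protected directory now answers with a 401 and a Basic auth challenge instead of WordPress’s 404. The following is an added example, not part of the original post: the function name, the labels it prints and the sample responses are all constructed for illustration.

```shell
#!/bin/sh
# Classify the response headers of a request to the protected directory.
# Feed it real headers with, for example:
#   curl -sI https://example.com/secrets/ | classify_auth_response
# (example.com/secrets/ is a placeholder for your own site and directory).
classify_auth_response() {
    awk '
        { sub(/\r$/, "") }                    # strip the CR of HTTP line endings
        NR == 1 { status = $2 }               # "HTTP/1.1 401 Unauthorized" -> 401
        tolower($0) ~ /^www-authenticate:[ \t]*basic/ { challenge = 1 }
        END {
            if (status == "401" && challenge)  print "challenge"
            else if (status == "401")          print "401-without-challenge"
            else if (status == "403" || status == "404") print "masked"
            else if (status ~ /^2/)            print "unprotected"
            else                               print "other"
        }'
}

# Constructed sample: what the post describes before the fix (WordPress
# answers with its own "not found" page instead of a password prompt).
sample_before_fix() {
    printf 'HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n'
}

# Constructed sample: the expected result once the ErrorDocument lines are in
# place and Apache is free to send the Basic auth challenge.
sample_after_fix() {
    printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="secrets"\r\n\r\n'
}

# Constructed sample: protection is not active at all.
sample_unprotected() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

sample_before_fix  | classify_auth_response
sample_after_fix   | classify_auth_response
sample_unprotected | classify_auth_response
```

Anything other than “challenge” for an unauthenticated request means the directory is either not protected or its password prompt is still being swallowed.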

 

Hopefully this will help if you come across this problem.

Twitter Weekly Updates for 2011-08-07

Twitter Weekly Updates for 2011-07-03

Twitter Weekly Updates for 2011-06-19

  • using #cloudme for the first time since apple bought icloud domain.. If anything it seems faster!

Twitter Weekly Updates for 2011-04-17

How to enable mod_deflate for all sites (entire server) in cPanel/WHM

Mod Deflate is essential nowadays for sites: it speeds up the transfer of HTML pages and other files (such as stylesheets) by compressing them first. Now that servers today are so powerful there is very little reason not to use this, especially since so many “speed up” tests will not pass without this being enabled.

Whilst you can enable it site-by-site, for shared hosts with many sites this is not the best way; instead you can enable it globally.

  1. First ensure it’s installed. You can do this by using EasyApache and ensuring that mod_deflate is selected (it may be already); once Apache has been compiled, deflate is enabled.
  2. If you want to enable the functionality site-by-site, then a new option is now available in each site’s control panel: under Software/Services the user can choose to optimise their website, which essentially allows deflate to be turned on and off.
  3. If you want to do this globally (why not, it cuts bandwidth and keeps your users happier) then simply do the following:
  • Under Services Configuration / Apache Configuration / Include Editor / Post Virtual Include
  • Select All Versions (no point in not doing all versions)
  • Paste the following into the file and then click Update.
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
<IfModule mod_setenvif.c>
# Don’t compress images, it’s a bit pointless
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
# Make sure proxies don’t deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>
# Maximum compression - why not, we have spare CPU
DeflateCompressionLevel 9
</IfModule>

Copying files between Linux servers – using SCP

For a few years now I keep catching myself transferring files between Linux servers, in a silly way…

What I mean is using something like FTP, or copying to my desktop and then up to the other server – all hassle (and in the case of FTP – inherently insecure).  Why do I do this?  Well not because there’s no alternative, but because I can never easily remember how to do it the “proper” way.

So how to do it – simply use SCP. This copies a file using SSH and so is more secure (we trust SSH right?); even better, I’ve never had a server which doesn’t support it out of the box.

Right so how to transfer one file:

scp /sourcedir/filename.extension user@serverip:/destinationdir/

It’s quite simple really – if you run SSH on a non-standard port (you really should, it cuts down the attacks) then you can specify the port like this:

scp -P 2100 /sourcedir/filename.extension user@serverip:/destinationdir/

Also, if you want to transfer multiple files (e.g. all the images in a directory) then you can just use wildcards – like below:

scp -P 2100 /sourcedir/*.extension user@serverip:/destinationdir/

How to put WordPress into maintenance mode.

Sometimes you might need to put WordPress into maintenance mode – this replaces your site with a basic message saying that the site is temporarily unavailable.

Why might you want to do this?

  • To correct a mistake in a template (so put it in maintenance while you restore from your ever handy backup).
  • While doing manual updating (for instance the automatic updating failed or a plugin is not available for automatic updating).

In order to do this simply put a file in the root of your WordPress install and name it .maintenance – the file name MUST begin with the “.”, similar to a .htaccess file.

Normally this file has code in it to indicate how long the site will be under maintenance, and if the timestamp passes then the file is de-activated and the site is available – for instance to make the site be unavailable until now (Feb 17th 22:28 2011) do the following:

<?php $upgrading = 1297981662; ?>

However, if you want the site to stay in maintenance mode as long as needed then the timestamp just needs to keep changing, so the following will do the job:

<?php $upgrading = time(); ?>

And that’s it – as simple as that, you can put WordPress into maintenance mode without a lot of hassle.