I have a Wordpress installation on the root of an apache (I.E. on /
) and WP wrote this custom .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Now I need to hide a single php script, let's say in /scritps/hello.php
, I tried a .htaccess in scripts
with:
<files hello.php>
Order allow,deny
Deny from all
</files>
But it gets overriden by WP's .htaccess, and hello.php is shown anyway. ( I know this because moving the scripts
directory out of WP to another vhost on my local environment makes it work ).
I want to hide this php file on the live site because it should only be called by cron from the command line, and I can't put the file outside the apache root because that's all I have FTP access to.
And no, I don't have SSH access, someone else's going to set the cron job.
mod_access
definitely loaded in apache (the module that processes allow/deny statements), andAllowOverrides +Limit
is enabled inhttpd.conf
, allowing you to change access permissions in .htaccess?