Category Archives: htaccess

WordPress: Changing Maximum Upload Size

htaccess, HTML5, PHP, Wordpress

Using WordPress to upload videos (or other files), it may turn out that you need to upload a file larger than the maximum limit set by WordPress. This should no be a significant, you can increase the size of the allowed upload file. To increase the upload size, you must adjust some or all the following PHP variables:

  • WP_MEMORY_LIMIT
  • upload_max_filesize
  • post_max_size
  • max_execution_time

Must and may changes are as following. To increase the upload size, you must increase the upload_max_filesize and post_max_size. If the file is large enough, you may need to increase the size for memory_limit, max_execution_time and max_input_time.

The changes may be made in two locations. They may be made in your php.ini file or your .htaccess file. You may not change them by modifying your wp_config.php file adding an ini_set. Using ini_set in wp_config.php might be your first instinct, but, that will not work.

To keep the change more localized, modify the .htaccess file with the following code (changing the upload preference size as needed for your situation)


    <IfModule mod_php5.c>
        php_value memory_limit 64M
        php_value upload_max_filesize 64M
        php_value post_max_size 64M
        php_value max_execution_time 600
        php_value max_input_time 600
    </IfModule>

If you prefer to change php.ini, you can add the following to th php.ini file as needed in your situation


    memory_limit = 64M
    upload_max_filesize = 64M
    post_max_size = 64M
    max_execution_time = 600
    max_input_time = 600

htaccess Features You Need to Know

htaccess

The following are a list for directives that can be used in htaccess files to adjust file paths, adjust site security, prevent unwanted visitors and more.

In the following samples, you should replace the domain names, and file names to match your site needs. Even more, you need to remember to adjust the rewritebase to reflect the directory you are placing the htaccess file in. If it is the root directory, use “/”, if a subdirectory, use that directory name. The subdirectory should be of the form /dir/ (i.e. start at the root directory and terminate the path with a slash. You may remove the “ifModule” lines if you are certain that your server supports the features and you do not plan to move the htaccess file on another machine that would need verification of available functionality.

For your site security, if a index.html, index.php, index.asp is missing in a directory, you do not want people to list your directory. You can prevent listing of your directories by placing the following in the root directory htaccess file. 

  #Preventing Directory Listing
  IndexIgnore *

You would like to set the name of the default home page, other than the typical index.html, default.html, etc. You can set the default name with: 

  #Specify a default home page (index page)
  DirectoryIndex home.html

In the event that you forget to include the UTF-8 designation in your web files, set the default to UTF-8. 

  # Default to UTF-8
  
    php_value default_charset utf-8

To prevent search engines from seeing two different sites, mydomain.com and www.mydomain.com, you should force all requests to the site to use one or the other of these designations and force input to that. The following will remove www from all incoming requests.

  # Never use www in the domain
  # Replace 'mydomain.com' with your domain name
  
    RewriteEngine on
    RewriteBase /dir/
    RewriteCond %{HTTP_HOST} ^www\.(([a-z0-9_]+\.)?mydomain\.com)$ [NC]
    RewriteRule .? http://%1%{REQUEST_URI} [R=301,L]

The following will force all input to include www.

  # Always use www in the domain
  # Replace 'mydomain.com' with your domain name
  
    RewriteEngine on
    RewriteBase /dir/
    RewriteCond %{HTTP_HOST} ^([a-z.]+)?mydomain\.com$ [NC]
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule .? http://www.%1mydomain.com%{REQUEST_URI} [R=301,L]

The following will force all connections to the site to be a secure access.

  # Always use https for secure connections
  # Replace 'www.mydomain.com' with your domain name
  # (as it appears on your SSL certificate)
  
    RewriteEngine On
    RewriteBase /dir/
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]

The following will set only selected pages of the site are secure.

  # Always use https for secure connections
  # Replace 'www.mydomain.com' with your domain name
  # (as it appears on your SSL certificate)
  
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTPS} on
    RewriteRule ^(about|contact|products-page|products-page/transaction-results)/$ 
                          http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

The following will block traffic to multiple sites. Notice the use of OR 

  # Block traffic from multiple referrers
  
    RewriteEngine on
    Options +FollowSymlinks
    RewriteBase /
    RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} badforum\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} badsearchengine\.com [NC]
    RewriteRule .* - [F]

Redirect away from the root directory to a subfolder where you have placed your website.

  # Set a default home directory, (this subfolder always loads)
  # Replace 'folder' with your subfolder name
  
    RewriteEngine On
    RewriteBase /
    RewriteRule ^$ /folder/ [R=301,L]

Redirect your site from a previous location to a new location

  
    # Rename a directory and force visitors to the new name
    # Replace 'old' with your old folder name
    # Replace 'new' with your new folder name
    RewriteEngine on
    RewriteBase /
    RewriteRule ^/?old([a-z/.]*)$ /new$1 [R=301,L]
  


  
  
    RewriteEngine On
    RewriteBase /dir/
    RewriteRule ^index\.html$ welcome.html

Do a permanent redirect (301 redirect) of multiple domain names to one location

  
    # Redirect Multiple Domains to a Single Domain
    RewriteEngine On
    RewriteBase /dir/
    RewriteCond %{HTTP_HOST} ^www.mydomain.net$ [NC,OR]
    RewriteCond %{HTTP_HOST} ^mydomain.net$ [NC,OR]
    RewriteCond %{HTTP_HOST} ^www.mydomain.net$ [NC]
    RewriteRule ^(.*)$ http://mydomain.net/$1 [R=301,L]

Prevent the hijacking/hotlinking of your images by producing a FORBIDDEN message

  # Give Hotlinkers a 403 Forbidden warning.
  
    RewriteEngine on 
    RewriteBase /dir/
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://mydomain\.net/?.*$ [NC] 
    RewriteCond %{HTTP_REFERER} !^http://mydomain\.com/?.*$ [NC] 
    RewriteRule \.(gif|jpe?g|png|bmp|js|css)$ – [F,NC]

Prevent the hijacking/hotlinking of your images by substituting an alternate image

  # Redirect Hotlinkers to "warning.png"
   
    RewriteEngine on 
    RewriteBase /dir/
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://mydomain\.net/?.*$ 
    RewriteCond %{HTTP_REFERER} !^http://mydomain\.com/?.*$ [NC] 
    RewriteRule \.(gif|jpe?g|png|bmp|js|css)$ http://mydomain.com/warning.png [NC,R,L]

Prevent the access to selected types of file by anyone on your site

  #Do not allow these file types to be called
  
    RewriteEngine on
    RewriteBase /dir/
    RewriteRule .*\.(jpg|jpe?g|gif|png|bmp|exe|swf)$ - [F,NC]

Set a Default image to be returned for all missing images

  # Set up a Default Image
  
    RewriteEngine On
    RewriteBase /dir/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^images/.*\.jpg$ /images/default.jpg [L]

The following code can be used to turn files in a specific directory into files that can only be downloaded, not read from their current location. This can be used in a download store, where you would need a directory to hold the downloadable files. This creates a directory that is not listable by visitors and no file in the directory can be executed.

For this to work:

  • you must include either ‘All’ or at least: ‘Limit’ and ‘Indexes’ parameters to the AllowOverride configuration in your apache/conf/httpd.conf file.
  • OPTIONALLY: if “All” is not specified and you want the added protection offered by the OPTIONS directive below, you’ll need to add ‘Options’ to the AllowOverride list:
    • Example:
    •     AllowOverride Limit Options Indexes

    •   # For security reasons, Option followsymlinks cannot be overridden.
  #  Options +FollowSymLinks
  Options +SymLinksIfOwnerMatch
  # deny *everything*
  
    Order Allow,Deny
    Deny from all
  
  # but now allow just *certain* necessary files:
  
    Order Allow,Deny
    Allow from all
  
  
    
      # Force all downloads to automatically be treated as "save as" instead of launching in an application directly
      ForceType application/octet-stream
      Header set Content-Disposition attachment
    
  
  IndexIgnore */*

    Given the state of the internet, you may decide to block access to your website from selected locations. The following offers you a variety of ways to block traffic to your site.

    Block traffic from specific websites

      # Block traffic from multiple referrers
  
    RewriteEngine on
    # Options +FollowSymlinks
    RewriteBase /dir/
    RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} anotherbadsite\.com
    RewriteRule .* - [F]

    Deny site from specific IP address with message

      # Block a Specific IP Address
  # Replace the IP address you want to block 
  # leave the "\" before each dot, which escapes the character).
  
    RewriteEngine On
    RewriteBase /dir/
    RewriteCond %{REMOTE_ADDR} ^(123\.196\.8\.48)$
    RewriteRule ^/* http://www.mydomain.com/sorry.html [L]

    Deny site access to specific IP addresses with no comment

      order allow,deny
  deny from 123.45.6.7
  deny from 012.34.5.
  allow from all

    Hide specific file.

      # hide .htaccess
  
    order allow,deny
    deny from all

    Re-assign .html, .htm, and .shtml pages to be processed by the php processing. 

      # Force html through php processing
  AddType application/x-httpd-php .php .html .htm .shtml
  AddHandler application/x-httpd-php .html .htm .shtml

    Add SSI preprocessing to your .shtml files

      # Add SSI
  AddType text/html .shtml
  AddHandler server-parsed .shtml
  XBitHack on

    Define the files to be used as the result of a document error.

      # ERROR Documents
  ErrorDocument 400 /errors/badrequest.html
  ErrorDocument 401 /errors/authreqd.html
  ErrorDocument 403 /errors/forbid.html
  ErrorDocument 404 /errors/notfound.html
  ErrorDocument 500 /errors/serverr.html


      # You can create your menu with its flags or whatever you like, and add the country code to end 
  # of the links... <a href="page.html-fr" id="..."></a>
  <IfModule mod_rewrite.c>
    RewriteRule ^(.*)-fr$ 
        http://www.google.com/translate_c?hl=fr&sl=en&u=http://corz.org/$1 [R,NC]
    RewriteRule ^(.*)-de$ 
        http://www.google.com/translate_c?hl=de&sl=en&u=http://corz.org/$1 [R,NC]
    RewriteRule ^(.*)-es$ 
        http://www.google.com/translate_c?hl=es&sl=en&u=http://corz.org/$1 [R,NC]
    RewriteRule ^(.*)-it$ 
        http://www.google.com/translate_c?hl=it&sl=en&u=http://corz.org/$1 [R,NC]
    RewriteRule ^(.*)-pt$ 
        http://www.google.com/translate_c?hl=pt&sl=en&u=http://corz.org/$1 [R,NC]
  <IfModule>