We Keep Coding

There is "/?i=2" in my wordpress website index url

I recently grabbed a host and first there was an index2.html in my htdocs root which was default index, I didn't remove that until I install wordpress in that root. then wordpress automatically made a httaccess file with following codes which is normal:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
now I realize that sometimes there is /?i=1 or /?i=2 in my general url, for example, wordpresssite.com/?i=2
this is a problem because I'm using some ad-unit system and I gave my website url to the system but it seems that the ad system bots some time redirect to "wordpresswebsite.com/?i=2" url and it does not match with the url I entered before (wordpresswebsite.com) so it's not gonna work.
now I removed the index2.html but the problem is still there.
this ?i=1 or 2 is about PHP GET parameter but how this parameter will appear.

I found this on reddit with similar issue and the conclusion was:
Most likely there are some rules at vhost level.
---- yes it's from the host, they said they cannot disable it as it's protecting me from bots.

For those interested in removing the /?i=1 installed mostly by free host providers here's a tip.
Edit & upload the .htaccess file in root of website
RewriteCond %{QUERY_STRING} ^(.*)\?i=1$ [NC]
RewriteRule ^(.*)$ /$1?%1 [R=301, L]

If you're using Apache, you have to enable mod_rewrite first.
sudo a2enmod mod_rewrite
Then restart or reload your server for the new configuration to take place:
sudo service apache2 restart
(Try to find some fancy control panel option for this, if not having shell access)

?i=1 or 2 or 3 is to protect your website from bots. Try using cloudflare for your website or use the .htaccess code to remove ? paramaters. Note that using any code to remove ?i=1 will remove all ? parameters.

htaccess simulate subdomain to subdirectory in Wordpress

I need to develop a plugin that can write into the WP htaccess file and "simulate" subdomains.
I have a new WP installation with basic htaccess on example.com
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Is there a way via htaccess that if I go to about.example.com I see the page example.com/about, without changing the URL (meaning that I still see about.example.com in the browser address bar)?
And also, is it possible that if I go to about.example.com/category1 I see the page example.com/about/category1?
I tried using the following code by adding it to the end of the htaccess, but it doesn't work:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?example.com.com$
RewriteRule ^(/)?$ about [L]

You should be able to do that using the following rule in your .htaccess:
RewirieEngine On
RewriteCond %{HTTP_HOST} ^about.example.com [OR]
RewriteCond %{HTTP_HOST} ^www.about.example.com
RewriteRule ^(.*) http://example.com/about/$1 [P]
What this does is check for the address about.example.com, if the condition is met it should redirect to example.com/about/.... but keeping the original address.
The [P] flag causes the request to be handled by mod_proxy, and handled via a proxy request.
However, keep in mind that using mod_proxy can cause security issues:
Take care when constructing the target URL of the rule, considering
the security impact from allowing the client influence over the set of
URLs to which your server will act as a proxy. Ensure that the scheme
and hostname part of the URL is either fixed, or does not allow the
client undue influence.
Normally using .htaccess you cannot go from one domain to another domain keeping the original URL. It can be a security nightmare as mentioned above. However, since this is a subdomain it should work.
Make sure you clear your cache before testing this.
Alternative
You can use ProxyPass - which would be a more secure option. You can find more information on how to use this via the Apache Documentation via this link. But this would need to done on a level higher than .htaccess. Through the config files.
I hope this helps.

How to prevent my wordpress requesting jquery from another ip?

My wordpress is infected by malware. I found malicious code attached right after jquery codes in every js file.
Also I found multiple requests being made to unknown host/ip. I'm unable to find which script makes this call.
So I'm thinking to block any request to third party domain or IP via htaccess. But it doesn't seem to work.
Please advice the correct way to write this.
path to .htaccess file:
public_html\.htaccess
The content if it (before changes):
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I tried:
attempt 1
//but I don't think this is relevant as it's meant for incoming
requests
order allow,deny
allow from all
deny from 134.249.116.78
attempt 2
Deny from 134.249.116.78
This is how network tab looks like:
And the header like this:

You will need to do this at the Web Server level of your stack. In your case using Apache configuration.
Specifically, the important one for your question is:
Header always append X-Frame-Options SAMEORIGIN
Additionally for the issue of XSS
Header set X-XSS-Protection “1; mode=block”
It should be noted that is not all that is necessary to lock down a server and that will not stop all XSS but it is a step towards a more secure server environment.

Concrete5 project throws 404 on all pages except index.php

I just copied a concrete5 project over to my local box and am trying to get it running on localhost. I had permissions problems at the start so I just ran a sudo chmod 777 -R site which remedied that. I then had problems with clicking a link. Anything besides index.php would result in a 404. So I messed around with the htaccess file. It came in this state:
# Use PHP53 as default
AddHandler application/x-httpd-php53 .php
<IfModule mod_suphp.c>
suPHP_ConfigPath /opt/php53/lib
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
</IfModule>
and I changed it to this:
# Use PHP53 as default
AddHandler application/x-httpd-php53 .php
<IfModule mod_suphp.c>
suPHP_ConfigPath /opt/php53/lib
</IfModule>
<Directory>
AllowOverride All
</Directory>
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteBase /
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
</IfModule>
Now, none of that helped. I decided to just disable pretty URLs in the database. I did that and most links work. It looks like some still don't (maybe the ones that are involved in a package. I don't know because I am picking up this project where someone left it). Bear in mind this all works perfectly on the live server at this time with the first .htaccess file I showed.
Any idea as to how to remedy this?

It does sound like you are having an issue with Pretty URLs. The ones that are still not working after you disabled it are likely do cached items like blocks. If you clear you cache your site will likely work without Pretty URLs turned on.
As for why Pretty URLs are not working, I would first make sure that mod_rewrite is enabled. Then you can try a couple of these for the rewrite rule.
RewriteRule ^(.*)$ index.php [L]
RewriteRule .* index.php [L]

Note: you can use the scripts from your admin login to update "pretty URLs". One caution would be is that if you use .htaccess for another purpose on your site.

Try removing the htaccess completely. Rather than deleting it, rename it. Then get into the dashboard directly at /index/dashboard/ , disable pretty urls, disable and clear the cache, and clear your browser cache.
(In general, always disable pretty urls and disable and clear the cache before cloning a site.)
Once everything is working without pretty urls, you can then start re-enabling.

I've just hit this one whilst trying out concrete5 on my home machine (linux/apache).
In my case, the problem appears to have been because I'd installed concrete5 two directory levels beneath the document root (/var/www/html). Initially, I just created the .htaccess file based on the values given when I enabled pretty urls, then hit the "page not found" problem (couldn't even log in.) Eventually, the penny dropped: I edited .htaccess and changed RewriteRule to point to the actual location of the concrete5 index.php relative to /var/www/html.
So in my case, concrete5 is installed into /var/www/html/playpen/public_html - so the new RewriteRule reads:
RewriteRule . playpen/public_html/index.php
and that appears to work.
Hope it helps someone ...

Laravel in subfolder on webhost

I have a webapp written in Laravel that needs to run in a folder on a web host.
The app will have to be accessible via hostname.com/webhit/. This will point to the app's home page.
I only have one route:
Route::controller('/', 'HomeController');
HomeController's getIndex needs to serve the home page. This works.
However, as soon as I want to go to something like hostname.com/webhit/login, I get a 404 from Apache.
Obviously, .htaccess is not working properly. I need it to, essentially, turn URLs that look like hostname.com/webhit/login into hostname.com/webhit/index.php/login.
I have a .htaccess file in www/webhit (where index.php is located) that looks like this:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ webhit/index.php/$1 [L]
</IfModule>
I am not very familiar with .htaccess file syntax, but I believe it's doing something wrong.
Edit:
I did it. My .htaccess was wrong (it actually causes a redirect loop), but the issue was that it wasn't even being parsed by Apache (hence the 404 instead of a 500 due to >10 redirects in a request). I did the following steps in order to get everything to work:
Enable mod_rewrite and restart Apache (plenty of docs out there on how to do this)
But wait, there's more! By default, Apache on Ubuntu prevents URL rewrites. See this site. Most importantly, the following fragment from the URL above is very important: "By default, Ubuntu's Apache will ignore the directives in your .htaccess files." You will need to actually enable rewrites by editing \etc\apache2\sites-available\default and setting AllowOverride to all (see link above for more details).
Reload the configuration (or just restart apache).
Make sure you're using the correct .htaccess. My original version actually has a redirect loop in it. See the selected response for the correct version.
After this, I got it to work. I hope it helps future programmers having a similar issue!

Check default server requirements - laravel .htaccess file works for most situations. Try with this:
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
I would suggest you to use resourceful controllers - mappings from your route to your controllers methods are much more clear, and you'll get full
resource with one command (routes,models,views,controllers)