.htaccess and virtual host configuration for WordPress in its own directory

I’ve been taking a look at the modern WP development approaches using Composer and so on, for example Bedrock or WordPress-Skeleton.

I’m trying to adapt these approaches ad create my own WP boilerplate, so I ended up with a project structure like this:

Read More
my_project
 |
 --app  <-- custom wp-content folder
 |   |  
 |   --mu-plugins
 |   --plugins
 |   --themes
 |
 --vendor  <-- folder for composer packages
 |   |
 |   ...
 |
 --wp  <-- WordPress core folder
 |   |
 |   ...
 |
 |--composer.json
 |--composer.lock
 |--index.php
 |--wp-config-local.php
 |--wp-config.php

Everything works fine so far, but the problem is that I have to set my_project as the web root folder, so that an user can go to http:/my-project/vendor, for example, and see all my vendor packages, which I think it’s not good…

So, is there any way to set some .htaccess file or configure the virtual host in such a way that I can use that folder structure but do not allow anybody to access all those files and folders that are not absolutely necessary?

Related posts

Leave a Reply

2 comments

  1. I’m not sure exactly what you mean by

    so that an user can go to http:/my-project/vendor, for example, and
    see all my vendor packages

    so I’ll give you a few options.

    If the vendor packages are supposed to be completely private you can make it forbidden:

    RewriteRule ^/vendor - [F]
    

    If you want to whitelist an IP you might be using:

    <Directory /vendor>
      Order deny,allow
      Allow from 1.2.3.4
    </Directory>
    

    If you just want to prevent a listing of the files in /vendor

    <Directory /vendor>
      Options -Indexes
    </Directory>