How to make Prevent Direct Access work on Bitnami

By default, Bitnami disable .htaccess files for security and performance reasons. They move the configuration in these .htaccess to the main application configuration files instead. In case of WordPress, it’s the htaccess.conf file under /opt/bitnami/apps/wordpress/conf/ folder.

So here are 3 simple steps that what you can do to make our Prevent Direct Access Gold work on Bitnami:

  1. Under your WordPress admin, go to Settings > Permalinks, copy the mod_rewrite rules at the bottom of the page which looks something like the following:

    For version 3.0 and above

    # Prevent Direct Access Rewrite Rules for version 3.x.x
    RewriteRule ^private/([a-zA-Z0-9-_]+)$ index.php?pda_v3_pf=$1&pdav3_rexypo=ymerexy [L]
    RewriteCond %{REQUEST_FILENAME} -s
    RewriteCond %{HTTP_USER_AGENT} !facebookexternalhit/[0-9]
    RewriteCond %{HTTP_USER_AGENT} !Twitterbot/[0-9]
    RewriteCond %{HTTP_USER_AGENT} !Googlebot/[0-9]
    RewriteRule ^wp-content/uploads(/_pda/.*\.\w+)$ index.php?pda_v3_pf=$1 [L]
    # Prevent Direct Access Rewrite Rules End

    For version 2.x.x.

    # Prevent Direct Access Rewrite Rules for version 2.x.x
    RewriteRule private/([a-zA-Z0-9-_]+)(/auth-[a-zA-Z0-9-_]+){0,1}$ index.php?pre_dir_acc_61co625547=$1&custom_181191=$2 [L]
    RewriteCond %{REQUEST_FILENAME} -s
    RewriteCond %{HTTP_USER_AGENT} !facebookexternalhit/[0-9]
    RewriteCond %{HTTP_USER_AGENT} !Twitterbot/[0-9]
    RewriteCond %{HTTP_USER_AGENT} !Googlebot/[0-9]
    RewriteCond %{REQUEST_URI} !\.(?:css|js)$ [NC]
    RewriteRule wp-content/uploads/(.+)(\.)([A-Za-z0-9]+)$ index.php?pre_dir_acc_61co625547=$1&is_direct_access=true&file_type=$3 [QSA,L]

  2. Locate and open htaccess.conf file (create one if necessary)
  3. Paste those codes on step 1 into that file
    <Directory /opt/bitnami/apps/wordpress/htdocs/>
    /* put your mod_rewrite rules here */
    </Directory>
  4. Restart Apache
    Here you go! Our Prevent Direct Access Gold plugin should be working well on your website now.

PS: If you change your Private URL Prefix (on our Settings page), you need to replace the word private on the htaccess rewrite rules above accordingly.

Lasted updated on June 1, 2018