How to make Prevent Direct Access work on Bitnami and AWS Lightsail

Table of Contents

• Bitnami Apache
• Bitnami NGINX

Apache Server

By default, Bitnami disables .htaccess files for security and performance reasons. They move the configuration in these .htaccess files to the main application configuration file instead. In the case of WordPress, it’s the htaccess.conf file under /opt/bitnami/apps/wordpress/conf folder.

For compatibility purposes, you should put our custom rewrite rules under htaccess.conf file instead.

So here are 3 simple steps that you can do to make our Prevent Direct Access Gold work on Bitnami Apache server:

Step 1: Under your WordPress admin, navigate to Prevent Direct Access Gold >> Status and switch to Tool tab.

You should see the content of your .htaccess file containing our custom rewrite rules as image below.

Simply copy all codes between the <IfModule> sections.

For version 3.0 and above

# Prevent Direct Access Rewrite Rules for version 3.x.x
RewriteRule ^private/([a-zA-Z0-9-_]+)$ index.php?pda_v3_pf=$1&pdav3_rexypo=ymerexy [L]
RewriteCond %{REQUEST_FILENAME} -s
RewriteCond %{HTTP_USER_AGENT} !facebookexternalhit/[0-9]
RewriteCond %{HTTP_USER_AGENT} !Twitterbot/[0-9]
RewriteCond %{HTTP_USER_AGENT} !Googlebot/[0-9]
RewriteRule ^wp-content/uploads(/_pda/.*\.\w+)$ index.php?pda_v3_pf=$1 [L]
# Prevent Direct Access Rewrite Rules End

For version 2.x.x.

# Prevent Direct Access Rewrite Rules for version 2.x.x
RewriteRule private/([a-zA-Z0-9-_]+)(/auth-[a-zA-Z0-9-_]+){0,1}$ index.php?pre_dir_acc_61co625547=$1&custom_181191=$2 [L]
RewriteCond %{REQUEST_FILENAME} -s
RewriteCond %{HTTP_USER_AGENT} !facebookexternalhit/[0-9]
RewriteCond %{HTTP_USER_AGENT} !Twitterbot/[0-9]
RewriteCond %{HTTP_USER_AGENT} !Googlebot/[0-9]
RewriteCond %{REQUEST_URI} !\.(?:css|js)$ [NC]
RewriteRule wp-content/uploads/(.+)(\.)([A-Za-z0-9]+)$ index.php?pre_dir_acc_61co625547=$1&is_direct_access=true&file_type=$3 [QSA,L]

Step 2:  Find and open your .htaccess config file normally located at

/opt/bitnami/apps/wordpress/conf/htaccess.conf

If not, the .htaccess file can be found at:

# the main application configuration file
/opt/bitnami/apache2/conf/vhosts/wordpress-vhost.conf 
OR
/opt/bitnami/apache2/conf/vhosts/htaccess/wordpress-htaccess.conf

If your WordPress application doesn’t have a wordpress-htaccess.conf file yet, you should create it manually.

Step 3: Paste those codes on step 1 on top of the file as below:

<Directory /opt/bitnami/apps/wordpress/htdocs/>

# Put your rules here

</Directory>

In the above code, you may need to change your WordPress directory accordingly, such as

<Directory "/opt/bitnami/wordpress">

Step 4: Restart Apache to make the new rules implemented

sudo /opt/bitnami/ctlscript.sh restart apache

Here you go! Our Prevent Direct Access Gold plugin should be working well on your website now.

Video Walkthrough

This video takes you through the process of configuring .htaccess file.

NGINX Server

1. Copy the rewrite rules shown on Prevent Direct Access Gold Settings page
   
2. Find and open your Bitnami Nginx config file normally located at

   /opt/bitnami/nginx/conf/bitnami/bitnami.conf

3. Put it inside the server block. Here are entire codes:

   # HTTP server
   
   server {
       listen 80;
       server_name localhost;
   
       rewrite wp-content/uploads(/_pda/.*\.\w+)$ "/index.php?pda_v3_pf=$1" last;
       rewrite private/([a-zA-Z0-9-_]+)$ "/index.php?pda_v3_pf=$1&pdav3_rexypo=ymerexy" last;
       #include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf";
   
       include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
   }
   
   # HTTPS server
   
   server {
   
        listen 443 ssl;
        server_name localhost;
   
        ssl_certificate server.crt;
        ssl_certificate_key server.key;
   
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
   
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        
        # put our rewrite rules here
        rewrite wp-content/uploads(/_pda/.*\.\w+)$ "/index.php?pda_v3_pf=$1" last;
        rewrite private/([a-zA-Z0-9-_]+)$ "/index.php?pda_v3_pf=$1&pdav3_rexypo=ymerexy" last;
        #include "/opt/bitnami/nginx/conf/bitnami/phpfastcgi.conf";
   
        include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
   }
   
   include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-vhosts.conf";

4. Restart your Nginx server:

   sudo /opt/bitnami/ctlscript.sh restart nginx

5. Go back to our PDA Gold settings page. Click on “Check rewrite rules” button.
   Our Prevent Direct Access Gold should be now working on your website.

PS: If you change your Private URL Prefix (on our Settings page), you need to replace the word private on the htaccess rewrite rules above accordingly.