I took me a while to understand that WordPress especially is rewriting the .htaccess so you no longer can use any other file, except the files accepted by WordPress on your web domain. This is why so many people are installing WordPress blog on a sub-domain or just in another folder and not directly into the root.

When using a CMS (Content Management System) like ModX or WordPress the problem you’re facing is that you’re no longer able to install a second application or to use some sort of files because the rewrites can cause 404 error.

I presented at that time an easy to implement solution for excluding of those desired files from .htaccess rewrite on a WordPress blog:

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Today I come with a solution for excluding an entire folder from being rewritten in WordPress. The only thing you have to do is adding the following line to the previous block of code:

RewriteCond %{REQUEST_URI} !^/(foldername|foldername/.*)$

To make it work just replace “foldername” with your own that needs to be excluded from the rewrite. Here the entire block oh code you have to implement into your .htaccess files:

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/(foldername|foldername/.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Hint: I am using WinSCP for accessing my ftp accounts and modify .htaccess files. It’s free and is a very good tool. And, by the way in comparison with others I tried is the only one showing me .htaccess files on the server. Tried before with Total Commander (very handy tool, too) but with no success.

I’ve choose BoxTrapper, a cPanel AddOn which protects your inbox from spam by forcing all people to reply to a verification email before their email will get into your inbox.

Setup:

1. open your WordPress blog and go to the General Settings page.
2. write into the E-mail address field an address in this format: whereveryouwant@yourdomainname.xxx (mine: ken@kensfi.com)

3. open cPanel pointing your web browser to www.yourdomainname.xxx/cpanel
4. fill in the username and password (the same you’re using for FTP)
5. click on Mail and then Add/Remove/Manage Accounts and click on Add Account (bottom of page).

6. enter the same email you entered at the 2nd step, enter a password and set up the quota (how much space of storage you assign for this email address) – try to be generous (at least a couple of hundreds of MB).
7. click on Create.
8. click on Go back (bottom of the page) twice

Now you should be back on Mail Manager Main Menu.

9. click on BoxTrapper Spam Trap; there should be listed your new email created. Click on Manage.
10. click on ENABLE button; you should receive a new message “BoxTrapper has been enabled on the account whereveryouwant@yourdomainname.xxx”.
11. press Go back; click on configure settings and here modify only the numbers of days you want an unverified message to be kept on the server. I’ve let it default – 15 days. Click on Save if you have been modified something and again push Go back.
12. now you’re back in BoxTrapper Configuration page. Fill free to modify whatever you want but don’t forget to click on Edit Forward/White/Black/Ignore Lists then Edit Forward list and write down the email address you want the verified messages to arrive – is better to use a regular email provider address like gmail or yahoo instead of using the server email, in this case, whereveryouwant@yourdomainname.xxx.

Now everything should be up and running. Just to make sure that everything is OK, make a few tests sending emails to whereveryouwant@yourdomainname.xxx and see what’s going on. You should receive back a verification email which you should replay unchanged. And Bang! The test message will get through to the email address you setup on the 12nd step. On this email address you’ll receive all the comments from your blog.

To review in a few words, BoxTrapper is forcing every comment we receive (not only on blogs, but regular websites too!) to be verified by the people who’s sending it by replaying it, a simple condition to verify if a comment is coming from a bot or from a person. Smart eh? :)

What I think about BoxTrapper? FORGET ABOUT WORDPRESS CAPTCHA! :)