When I enter wordpress https://example.com/wp-comments-post.php, I get a http 405 error. 404 redirect does not occur

Question

I am using WordPress. When I try to go to the https://example.com/wp-comments-post.php page I get an HTTP 405 error. I added a 404 redirect code to the .htaccess file for the 405 error.

ErrorDocument 405 https://example.com/404/

However, I'm still seeing a 405 error. I looked at the link and there is https, not http. I made a 404 redirect for this filename. Redirected to 404 page, but this time I can't comment.

<files wp-comments-post.php > 
order allow,deny 
deny from all
</files>

I want to make a 404 redirect when someone enters this page. I also want to send comments without any problems.

What can I do for it?

Answer 1

When I try to go to the https://example.com/wp-comments-post.php page I get an HTTP 405 error.

This is by design. When you make a request for this file, that is anything other than a POST request, the script itself returns a "405 Method Not Allowed" response. When you request the file directly in the browser you are making a GET request.

I added a 404 redirect code to the .htaccess file for the 405 error.

 ErrorDocument 405 https://example.com/404/

This alone is not going to do anything, since it is PHP that is returning the 405, not Apache.

Note also, since you have specified an absolute URL, this triggers a 302 (temporary) redirect to the error document - which is generally a bad idea when serving error documents. Unless you have a specific requirement to do this, you should specify a root-relative URL-path instead in order to trigger an internal subrequest (hidden from the user).

I made a 404 redirect for this filename. Redirected to 404 page, but this time I can't comment.

 <files wp-comments-post.php > order allow,deny deny from all </files>

You are using the term "redirect" incorrectly here. This is not a "redirect". This also does not trigger a 404; it triggers a "403 Forbidden" response instead. ( Order and Deny are Apache 2.2 directives - I would think you are more likely to be using Apache 2.4, so should be using the newer Require all denied directive instead.)

As suggested by the initial 405 response, wp-comments-post.php needs to be accessible via POST requests (in order to allow comments) so you can't block this file outright from all access. You can only block requests that are not POST requests.

You could add a <LimitExcept POST> wrapper to this block, however, you are still returning a "403 Forbidden" response, not a "404 Not Found".

To return a 404 response you would need to use mod_rewrite instead, at the top of your .htaccess file, before any existing WordPress directives. For example:

RewriteCond %{REQUEST_METHOD} !POST
RewriteRule ^wp-comments-post\.php$ - [R=404]

This would then serve the Apache 404 error document for any requests to /wp-comments-post.php that are not POST requests.

If the goal is to simply customise the 405 response then change the above R=404 flag to R=405 and define your ErrorDocument 405 how you wish. Despite the use of the R flag, this is not an external redirect.

For example:

ErrorDocument 405 /errors/custom-405-response.php

RewriteCond %{REQUEST_METHOD} !POST
RewriteRule ^wp-comments-post\.php$ - [R=405]