Thread: WordPress Incorrect HTTP Reponse When Page Not Found

One WordPress site on one of my servers is giving an incorrect HTTP response code when a page can not be found. On the end-user side, the user sees a custom 404 page. But on the web-server side Apache is giving a 200 or 300 response (not sure which one) instead of a 404 response. Other WP sites on the same server give the correct response code.

This error was discovered by McAffee SiteAdvisor:

It appears that the Web site freewomensblogs.com (or www.freewomensblogs.com) is returning an HTTP 2xx or 3xx status response code in the header of 404 pages.

We cannot verify a Web site that is configured this way because it allows anyone to verify themselves as the owner of your site. Please update your Web site server configuration to return 404 status codes in the headers for pages that do not exist. Once your site is configured this way then you can return and request a file name verification.

Please help.

This is the .htaccess file which is currently in use on the site:

Code:

RewriteEngine On
RewriteBase /

#uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteCond %{REQUEST_URI} ^.*/wp-admin$
RewriteRule ^(.+)$ /$1/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule . - [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>

RewriteCond %{HTTP_HOST} ^freewomensblogs.info$ [OR]
RewriteCond %{HTTP_HOST} ^www.freewomensblogs.info$
RewriteRule ^(.*)$ "http\:\/\/freewomensblogs\.com\/" [R=301,L]


RewriteCond %{HTTP_REFERER} !^http://(.+\.)?freewomensblogs\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>


# END WordPress

The problem might be with McAffee. I just checked a couple of pages with a header checker and WordPress is generating a proper status code 404.

http://web-sniffer.net/


Is there a specific page that McAffee says is generating the wrong status code? There could be a conflict with certain pages.

It looks like there may be both old and new WordPress code in the .htaccess, plus a 301 redirect that is no longer necessary. WordPress generates its own 301 and 404 status codes for most pages.

It also looks like there is a missing closing conditional tag for checking to see if mod_security is active. I'm not sure why that is in there.

You no longer need the code to add the training slash to wp-admin

Let's try stripping it down a bit. Try replacing the .htaccess with this and see what happens. Keep a copy of the old .htaccess just in case something else doesn't work correctly.

Code:

RewriteEngine On
RewriteBase /

#uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]

<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

The problem turned out to be the 301 redirect from freewomensblogs.info to freewomensblogs.com

Code:

RewriteCond %{HTTP_HOST} ^freewomensblogs.info$ [OR]
RewriteCond %{HTTP_HOST} ^www.freewomensblogs.info$
RewriteRule ^(.*)$ "http\:\/\/freewomensblogs\.com\/" [R=301,L]

Removing that fixed it so 404 pages show a true 404 response code.