Quick post that explains how to fix the error, “The authorization header is missing”. This error may be found under “recommended improvements” in the WordPress Site Health tool (located under the WP menu ▸ Tools ▸ Site Health).

When running a Site Health check, the “authorization header” warning happens when you’ve upgraded WordPress (to version 5.6 or better) and have Permalinks enabled, but the site’s .htaccess rules have not been updated with the latest. This DigWP tutorial explains what’s happening and shows how to fix the error easily with a few clicks.

As discussed, it’s important to protect your site by setting proper file permissions on the server. This can be tricky for certain directories such as /uploads/, /upgrade/, and /backups/, which need to be writable by the server in order for things like uploads, upgrades, and backups to work.

It sucks, but a lot of plugins require certain directories to be set at CHMOD 777 for its file permissions. Of course, you should not use any plugin that requires 777 directories, but if you absolutely must, you can help protect the folder by adding a thin slice of htaccess. This works great for any directory requiring “loose-ish” permissions (i.e., anything greater than 755), and may also be useful for other key folders as well.

Here are six htacccess tricks that will help improve the security and SEO quality of your WordPress-powered site. We do this using .htaccess to establish canonical URLs for key peripheral files, such as your robots.txt, favicon.ico, and sitemap.xml files. Canonicalization keeps legitimate bots on track, eliminates malicious behavior, and ensures a better user-experience for everyone. On the menu:

While manually upgrading a bunch of old WordPress sites, I realized that the WordPress htaccess rules for permalinks had changed. For many years and versions, the htaccess code that enables WordPress permalinks went unchanged, resulting in an almost sacred set of htaccess directives. Here are the original permalink rules as currently provided at the WordPress Codex:

The default URL for logging into your WordPress powered site is: http://example.com/wp-login.php. Or if you’ve installed in a subdirectory, something like http://example.com/wp/wp-login.php. I’ve wished that was a little cleaner, especially when you are doing something explaining to a client where to log in over the phone. Fortunately changing this can be very easy.