Wordpress 404 issue with certain requests containg the string "admin-"

Question

I have a wordpress page that generally works, but tonight, when updating the menu didnt work, I realized that something isn't working. So after choosing which menu items I want to add to the menu and hitting the button "Add to menu" the loading-circle starts to rotate endlesly. After inspecting more details in the developer-console, I see the following:

The GET request to https://URL/wp-admin/-ajax.php results in a 404. The wp-admin/-ajax.php doesnt look right to me. It should actually be wp-dmin/admin-ajax.php. So for some reason the admin part gets stripped away.

I notice the same symptom for loading some CSS files: https://URL/wp-admin/-bar.min.js can also not be loaded. I think this should in fact be admin-bar.min.js.

My .htaccess looks as follows:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

I also already tried to disable all plugins to no avail.

Any hints on what could cause this issue? What can caus removing the admin part from these requests?

EDIT: Could the following apache-config be the cause?

RedirectMatch permanent /admin(.*) https://konferenzimforum.at/wp-admin/$1

Answer 1

Why this happens in your configuration

The configuration line you included from your Apache config file is almost certainly the root cause of this behavior. To understand why this is, we must dive just a bit deeper into what the line actually does:

RedirectMatch permanent

Simply enough, this declares a permanent (HTTP code 301) redirect based on a RegExp pattern matching operation.

/admin(.*)

This pattern basically tells Apache, "match any URL that contains /admin, followed by any character, any number of times, while capturing the text after the /admin substring into a temporary variable, $1".

https://konferenzimforum.at/wp-admin/$1

This string then takes that earlier-captured value and instructs Apache to redirect the requestor to the URL https://konferenzimforum.at/wp-admin/, with the earlier-captured value appended to the end.

When this is applied to the URL in your example, wp-admin/admin-ajax.php would become wp-admin/-ajax.php, because /admin triggers the match, then uses the remainder of the URL captured in $1 as a post-fix, which then creates the non-existent URLs you're seeing in your browser's development tools. You can see a more visual & plain-English representation of how this pattern works in practice by using this Regex101. You'll notice on that page that the part that gets removed in your configuration is highlighted a different color than the part of the URL that gets passed through to the redirected URL.

---

How you can resolve it

There are a number of ways to resolve this; the easiest is probably to just remove this rule entirely (as it's not clear based solely on the information in the question why this rule would be necessary in the first place).

Another way to do it would be to ensure that only requests to /admin/* are matched, instead of arbitrarily matching all URLs that include a /admin sequence (which, as you've seen, can inadvertently target files beginning with /admin), which seems to be more of what you're trying to do (redirect requests for /admin to the appropriate /wp-admin resource):

RedirectMatch permanent /admin/(.*) https://konferenzimforum.at/wp-admin/$1