htacess & password-protected directories

  • Resolved Garth Penglase

    (@gpenglase)


    13 years, 3 months ago

    Activating SEF urls in WordPress will break any access to protected directories on your domain.

    Standard WordPress htaccess entry:
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Don’t despair. There are a few ways to get around this.

    1. Edit the standard WordPress rewrite instructions in the htaccess file:

    If you only have FTP access and not DNS/Cpanel access then the following tweak to your htaccess will be useful:

    [change subdir to the name of your password-protected sub directory]

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^/subdir/ [OR]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    2. Create an error document and add it to your htaccess structure:

    You need to create one file and edit the .htaccess in the password protected directory.

    401.html
    Create a 401.html file in a separate directory (or in root) than the password protected directory. Then put the below error message in the 401.html file:
    AUTHENTICATION REQUIRED
    You need a username and password to access this area.

    /protected-dir/.htaccess
    Then edit the .htaccess file in the password protected directory. The authorization rules should already be set-up. Above the rules add:
    ErrorDocument 401 /forms/401.html

    so you’d end up with:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    ErrorDocument 401 /forms/401.html
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    3. Use a subdomin instead.

    Neater and saves mucking around with htaccess entries), but you need access to your DNS setup and your hosting control panel.

    So instead of <domainname>/subdir use subdir.<domainname>

    1. Setup the Subdomain in your DNS.
    2. Add subdomain in your Cpanel (or whatever hosting admin you use).

    So, whichever is your preferred option, one of these ideas will work for you to solve a tricky little problem.

  • The topic ‘htacess & password-protected directories’ is closed to new replies.

Tags