WordPress has a built it “Password required” function.
Go to your posts on your dashboard and click Quick edit, there you
can enter a password for your post. Works for pages, too.
BeautyPirate –
Thanks for the suggestion. We do similar things for content that is not sensitive but should be secured from the public. However for sensitive information that method is not secure enough for an enterprise. In addition it can be a nightmare managing those passwords when you have thousands of users and many sites.
We have an established web single sign on here, Shibboleth for that matter. It is a requirement to use Shibboleth for authentication, hence our requirement to need htaccess files to access certain WP (virtual) content.
There is one little problem. WordPress does not create subdirectories for your pages and posts, it´s a database based system, meaning the permalinks ACTUALLY don´t really exist as pages like on a regular website. Hence, no folder to put your .htaccess file in for individual pages.
My hack to protect a WP page (does not map to a real directory). Note that this is a hack and even if it works with 3.3.1 my concern is that it might break after future upgrades to WP.
This example will add a htaccess file to protect http://host.usc.edu/sample-page/
1) Create a directory on filesystem (I like to use the hostname and uri):
<any path>/host/sample-page
2) Update httpd.conf, so if httpd sees http://host.usc.edu/sample-page/, use <any path>/host/sample-page as the DocumentRoot
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^host\.usc\.edu$ [NC]
RewriteRule ^(.*) <any path>/host/sample-page/$1 [L]
</IfModule>
3) copy the htaccess file from the WP installation directory to <any path>/host/sample-page and modify the directory paths. And add authentication directives on top:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile <any path>/host/sample-page/.htpasswd
require valid-user
# BEGIN WordPress - multi-domain setting
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule . <wp install dir>/index.php [L]
# END WordPress
4) My htpasswd file:
# password
user:3FqgIJWu55Xd.
5) Now if you hit http://host.usc.edu/sample-page/, you will be prompted by the browser for Basic Authentication. Enter user/password to access url.