htaccess for WP subdirectories

  • jkhongusc

    (@jkhongusc)


    12 years ago

    Is there an “official” method to protect WP virtual content subdirectories such as posts or pages?

    For example, when I first install WP there is a default blog created with 1 post and 1 page; and URLs that look like this:
    http://host.usc.edu/sample-page/
    http://host.usc.edu/blog/2012/01/01/hello-world/

    What I want to do is to add htaccess files for authentication/authorization to the /sample-page, /blog, and possibly /blog/2012 (or lower). I realize that there are plugins that can protect these content directories. For our enterprise we need htaccess to enforce our (enterprise) authN/authZ. For example, we may need to only allow certain groups access to content; groups which may be hundreds of users who we do not want to provision in WP.

    I have found out a way to do this, but it really is a hack which means that it may not fully work or may break in future upgrades. I can detail those customizations if necessary. Just came here to see if there is an easier, non-hack method of doing this.

Viewing 4 replies - 1 through 4 (of 4 total)
  • BeautyPirate

    (@beautypirate)

    12 years ago

    WordPress has a built it “Password required” function.
    Go to your posts on your dashboard and click Quick edit, there you
    can enter a password for your post. Works for pages, too.

    Thread Starter jkhongusc

    (@jkhongusc)

    12 years ago

    BeautyPirate –
    Thanks for the suggestion. We do similar things for content that is not sensitive but should be secured from the public. However for sensitive information that method is not secure enough for an enterprise. In addition it can be a nightmare managing those passwords when you have thousands of users and many sites.

    We have an established web single sign on here, Shibboleth for that matter. It is a requirement to use Shibboleth for authentication, hence our requirement to need htaccess files to access certain WP (virtual) content.

    BeautyPirate

    (@beautypirate)

    12 years ago

    There is one little problem. WordPress does not create subdirectories for your pages and posts, it´s a database based system, meaning the permalinks ACTUALLY don´t really exist as pages like on a regular website. Hence, no folder to put your .htaccess file in for individual pages.

    Thread Starter jkhongusc

    (@jkhongusc)

    12 years ago

    My hack to protect a WP page (does not map to a real directory). Note that this is a hack and even if it works with 3.3.1 my concern is that it might break after future upgrades to WP.

    This example will add a htaccess file to protect http://host.usc.edu/sample-page/

    1) Create a directory on filesystem (I like to use the hostname and uri):
    <any path>/host/sample-page
    2) Update httpd.conf, so if httpd sees http://host.usc.edu/sample-page/, use <any path>/host/sample-page as the DocumentRoot

    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} ^host\.usc\.edu$ [NC]
        RewriteRule ^(.*) <any path>/host/sample-page/$1 [L]
</IfModule>

    3) copy the htaccess file from the WP installation directory to <any path>/host/sample-page and modify the directory paths. And add authentication directives on top:

    AuthName "Restricted Area"
AuthType Basic
AuthUserFile <any path>/host/sample-page/.htpasswd
require valid-user

# BEGIN WordPress - multi-domain setting
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule . <wp install dir>/index.php [L]
# END WordPress

    4) My htpasswd file:

    # password
user:3FqgIJWu55Xd.

    5) Now if you hit http://host.usc.edu/sample-page/, you will be prompted by the browser for Basic Authentication. Enter user/password to access url.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘htaccess for WP subdirectories’ is closed to new replies.

Tags