Searching for the same issue. I have two sites running WP. On one, the password protection works; the other gives the 404 page. blah
You don’t need
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/(failed_auth\.html).*$ [NC]
RewriteRule . - [L]
</IfModule>
At the end of the file, just add
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/yourusername/html/protected-dir/.htpasswd
require valid-user
You would need to generate the .htpasswd file using a tool like
http://www.kxs.net/support/htaccess_pw.html
and save it as declared above, which is
/home/yourusername/html/protected-dir/.htpasswd
Please note that this is not the exact path, if you use cPanel, it should be something similar to
/home/yourusername/public_html/protected-password/.htpasswd
where you can create a folder called “protected-password” or save the file else where you want that is above public_html so it can’t be accessed publicly by your site visitors.
@ Self Hosted WP.com – I was using the tool in cPanel to assist with creating the .htaccess entries and password files. But I’d get a redirect with a 404 error. The solution ended up being simple:
at the top of /.htaccess add
#next two lines allow password protected directories with 404 errors
ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html
#
then create error.html file.
@westpointer Thanks for sharing. Usually that isn’t necessary, maybe it’s due to Apache core settings.
Glad it’s solved.
@ WestPointer — I’d like to try your solution, but I’ve got questions.
1) Those two lines — I add them at the beginning of the .htaccess file that’s in the root of the Web site, right? Not in the .htaccess file that’s in the password-protected directory, right?
2) I don’t understand what the error.html file does. Could you give an example of what goes in that file?
3) Am I correct that the error.html file goes in the root of the Web site?
Thanks for your help!
@charlie:
1)Correct
2) It’s just a simple HTML file, you can put a simple message or customized beautiful page. The following basic HTML will do:
<html>
<head>
<title>401 Error</title>
</head>
<body>
<h1>Sorry, 401 Error...</h1>
</body>
</html>
3) Yes.
I was trying to solve the same problem with WordPress’s rewrite rule interfering with .htpasswd protected folders. The simplest solution is actually to change WordPress’s rewrite rule
From
RewriteRule . /index.php [L]
To
RewriteRule ./ /index.php [L]
With this, the additional block of rewrite rule doesn’t seem to be needed anymore.
@xephan Thanks for sharing!
@xephan… Thanks indeed!
There really shouldn’t be this level of challenge encountered when sites require non-WP-related password-protected directories to co-exist at the same level.
Indeed, such accommodation should be defacto OOTB.
Thanks, @xephan!
After trying the several other solutions and failing, I decided to give this a shot.
And it works beautifully.
Siteground also recommends this same procedure. Lets hope my htaccess does not get overwritten by some other plugin.
http://kb.siteground.com/how_to_exclude_a_folder_from_wordpress_permalinks/
Thanks @amitramani — updating the WordPress main .htaccess file as explained simply in the link you provided worked perfect for me!
http://kb.siteground.com/how_to_exclude_a_folder_from_wordpress_permalinks/
So my main .htaccess file is this:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule . /index.php [L] # replaced with next line...
RewriteRule ./ /index.php [L]
</IfModule>
# END WordPress
And my subfolder that I want to password protect has .htaccess file:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /home/juice/.htpasswds/.htpasswd
Require valid-user
And no more WordPress 404 error! Woohoo!
Thanks again,
Marty McGee
I edited .htaccess to
RewriteRule ./ /index.php [L]
It worked fine to get the password protected directory working. My problem now is that the 404 page changes. I get a generic 404 error, rather than the 404 theme page I’m using.
If I go to a URL that doesn’t exist like mydomain.com/test I get this:
Not Found
The requested URL /test was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
However, if I go to mydomain.com/test/ (with the ending slash) I get the 404 page from my theme, with the template, sidebar, etc.
Is there something I can to to ensure I always get the 404 page from my theme, and not the generic 404?
Thanks,
Don