WordPress – Apache authentication inside a WordPress install

.htaccess, apache-2.2, htpasswd, password-protected, Wordpress

I am currently running into an issue with trying to password protect a directory that is sitting inside a directory that's running WordPress. This is for a directory called "admin" that handles a few things outside of WP.

In my WordPress .htaccess file, I have set a rule to ignore this directory.

RewriteEngine On
RewriteBase /
RewriteRule ^(admin|index\.php)$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

When I go to my admin directory, it works just fine and I'm able to see what I should be seeing (basic PHP stuff).

However, when I try and password protect that directory by putting an .htaccess and .htpasswd file in there, I get a WordPress 404 error. This is what it looks like:

AuthUserFile /home/myuser/public_html/admin/.htpasswd
AuthName "Password Protected Area"
AuthType Basic

<limit GET POST>
require valid-user
</limit>

It (obviously) has something to do with the "require valid-user" line. This particular .htaccess/.htpasswd file worked just fine on a similar server setup.

Any thoughts?

Best Answer

Try closing your browser and then trying to connect. You may have cached credentials that are being used.

If you have multiple secured directories with different passwords, use different values for the AuthName.

EDIT: Try moving the Require outside the Limit statement. I always group the Auth definitions with the Require statement in the same block.

Your error seems to indicate the requested resource does not exist or is not readable. Try removing your rewrite modifications for admin. The standard rewrite rules work well with directories and files mixed into the WordPress installation.

You may want to use a LimitExcept block instead of a Limit block to prevent access other than GET or POST. This is my working .htaccess file.

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/wordpress/htpasswd
Require valid-user
<LimitExcept GET POST>
    Order allow,deny
    Deny from all
</LimitExcept>

Make sure the .ht* files are readable by the web server. I test unauthorized access by changing the user id in the htpasswd file to one I haven't used.
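The difference between the two files above can be checked mechanically: a Require placed inside a Limit block applies only to the methods that block lists, while a Require at the top level applies to every method. The following is an added example, not part of the original question or answer; the function name and the list of methods it reports on are assumptions made for illustration.

```python
import re

# Methods reported on: an assumption of this example, not an exhaustive list.
METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"]
OPEN = re.compile(r"<(limitexcept|limit)\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</limit(except)?\s*>", re.I)
REQUIRE = re.compile(r"require\s+\S", re.I)

def unprotected_methods(htaccess_text):
    """Return the METHODS that no Require directive in the file applies to."""
    scope, protected = None, set()    # scope None = outside any <Limit*> block
    for line in map(str.strip, htaccess_text.splitlines()):
        opened = OPEN.match(line)
        if opened:
            listed = set(opened.group(2).split())
            if "GET" in listed:
                listed.add("HEAD")    # Apache: limiting GET also limits HEAD
            scope = (opened.group(1).lower(), listed)
        elif CLOSE.match(line):
            scope = None
        elif REQUIRE.match(line):
            if scope is None:         # top level: applies to every method
                protected.update(METHODS)
            elif scope[0] == "limit": # only the listed methods
                protected.update(m for m in METHODS if m in scope[1])
            else:                     # limitexcept: everything but the listed
                protected.update(m for m in METHODS if m not in scope[1])
    return [m for m in METHODS if m not in protected]

# The two files from this page, embedded as sample input.
QUESTION_HTACCESS = """AuthUserFile /home/myuser/public_html/admin/.htpasswd
AuthName "Password Protected Area"
AuthType Basic
<limit GET POST>
require valid-user
</limit>"""
ANSWER_HTACCESS = """AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/wordpress/htpasswd
Require valid-user
<LimitExcept GET POST>
    Order allow,deny
    Deny from all
</LimitExcept>"""

if __name__ == "__main__":
    print("question:", unprotected_methods(QUESTION_HTACCESS))
    print("answer:  ", unprotected_methods(ANSWER_HTACCESS))
```

The check only reads the one file it is given; directives inherited from parent directories or the server configuration are outside its view.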
