WordPress and Password Protected Directories

Recently, I found myself working on a project where password protecting subdirectories with .htaccess and .htpasswd was needed, despite the insecure nature of such an implementation. After I added configured .htaccess, I noticed any of the links would generate a 404 Not Found error. If I removed .htaccess and .htpasswd, the links would work just fine.

I finally realized this was related the .htaccess file in the root directory WordPress owns. There are two ways to bypass the 404 error, which is a result of WordPress’ rewrite rules for permalinks.

First, you can edit the .htaccess file found in / and change the RewriteRule line in the following snippet of code:

to

So the end result can look like this:

The other way to bypass the 404 error is to add the following to the .htaccess file:

Note: You will need to create an error.html file, which can be simple, or customized. Here’s some sample text to get you started:

In some cases, when you update WordPress or certain plugins, the WordPress section of the .htaccess file will be over written and updated, which results in the 404 error returning. In this instance, you can use the other 401 redirect code (which can be added before the # Begin WordPress section) to achieve the same end result.

Reminder: All of my posts are provided "AS IS", imply no warranties, and confer no rights or special privileges. Use of included postings, code samples and other works are subject to the terms specified at Microsoft. For more information, click here.

Leave a Reply

Your email address will not be published. Required fields are marked *