[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Need to exclude an .htaccess/.htpasswd protected subdirectory from WordPress toplevel .htaccess

Posted on 2014-01-03
2
Medium Priority
?
1,432 Views
Last Modified: 2014-01-04
For years, I had a subdirectory such as

http://www.centerforward.com/test

available to myself for my personal use, password protected with .htaccess and .htpasswd, ie an .htaccess in /test with:
---------------------------------------------------
AuthUserFile /home/centerfo/public_html/test/.htpasswd
AuthGroupFile /dev/null
AuthName "Authorized user"
AuthType Basic

<Limit GET>
require user testuser
</Limit>
---------------------------------------------------
(with a corresponding .htpasswd that allowed "testuser" to login and see /test.

But when I made centerforward.com a WordPress site instead of a handcoded site, WordPress came with its own .htaccess that messed up my /test from working, and instead of resolving with the password login prompt, it would resolve to my WP website with a "404 Page not found" - as you can see now:

http://www.centerforward.com/test/

*IF* I remove the .htaccess from /home/centerfo/www/test/, (ie NO password protection), THEN it comes up fine.  But as soon as I put the .htaccess back (because I NEED password protection), the 404 not found comes back.

This link seemed to address my problem:

http://tanyanam.com/technology/wordpress-exclude-directory-from-url-rewrite-with-htaccess

But her solution for /home/centerfo/www/.htaccess didn't work for adding password protection inside /test:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/(test|test/.*)$
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

If I attempt the password protection in /test, then it's 404 not found, and if I remove the password protection (which I can't leave like that), then it resolves fine.

My linux admins are telling me this is outside the scope of that they can help me with (which is really lame).  I greatly appreciate any help, as well as recommendations for an affordable linux admin!!  

Thank you so much,
Alan
0
Comment
Question by:centerforward
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 2000 total points
ID: 39755099
*IF* I remove the .htaccess from /home/centerfo/www/test/, (ie NO password protection), THEN it comes up fine.  But as soon as I put the .htaccess back (because I NEED password protection), the 404 not found comes back.

This is a long-time issue with WordPress when attempting to protect a subdirectory.  Otto (one of the WordPress core developers) addresses it here:

http://wordpress.org/support/topic/htaccess-and-subdirectories

Read through that thread to see why it happens.  Quoting:

.htaccess files are additive. Whenever you request a page, the webserver basically goes through every directory down the tree from the root (specified by the closest match of <Directory ...> in the httpd.conf file), and adds all the .htaccess files together. As it traverses them, it parses each one. Later .htaccess files override previous ones, but only for the same specified items. RewriteRules are cumulative.

So what I think is going on is that the authorization in the password protected directory is forcing a 401 response ("Authorization Required") back to the client. Normally, the client would get the 401 and ask for a password.

However, in this case, this 401 response is intercepted by the WordPress RewriteRules which says to rewrite everything to WordPress. This is because .htaccess's are cumulative and your closest matching Directory is the root.

The solution (which is somewhat easy to miss) is:

In WordPress's .htaccess file, add this to the top of the file:

ErrorDocument 401 /path/to/onerror.html

See if that makes any difference. If it doesn't, add another line with 403 instead of 401.
0
 

Author Closing Comment

by:centerforward
ID: 39756653
YES ,,,,, THAT DID IT!!!!

Worked perfect.  Just added that dummy file, and the line and path to it in the main WP .htaccess.  As long as the sub .htaccess and .htpasswd are set up right, it finally prompts the pw login and works perfect. !

That has been driving me crazy for WEEKS man.  What a random and tricky solution,, I'm so glad you remembered that link and where to find it.  

THANK YOU SO MUCH !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
The purpose of this video is to demonstrate how to make a WordPress Site faster and smaller in size by cleaning up the database. This will be demonstrated using a Windows 8 PC. Plugin WP Optimize will be used. Go to your WordPress login page. T…
The purpose of this video is to demonstrate how to Test the speed of a WordPress Website. Site Speed is an important metric of a site’s health. Slow site speed can result in viewers leaving your site quickly and not seeing your content. This…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question