Need to exclude an .htaccess/.htpasswd protected subdirectory from WordPress toplevel .htaccess

For years, I had a subdirectory such as

http://www.centerforward.com/test

available to myself for my personal use, password protected with .htaccess and .htpasswd, ie an .htaccess in /test with:
---------------------------------------------------
AuthUserFile /home/centerfo/public_html/test/.htpasswd
AuthGroupFile /dev/null
AuthName "Authorized user"
AuthType Basic

<Limit GET>
require user testuser
</Limit>
---------------------------------------------------
(with a corresponding .htpasswd that allowed "testuser" to login and see /test.

But when I made centerforward.com a WordPress site instead of a handcoded site, WordPress came with its own .htaccess that messed up my /test from working, and instead of resolving with the password login prompt, it would resolve to my WP website with a "404 Page not found" - as you can see now:

http://www.centerforward.com/test/

*IF* I remove the .htaccess from /home/centerfo/www/test/, (ie NO password protection), THEN it comes up fine.  But as soon as I put the .htaccess back (because I NEED password protection), the 404 not found comes back.

This link seemed to address my problem:

http://tanyanam.com/technology/wordpress-exclude-directory-from-url-rewrite-with-htaccess

But her solution for /home/centerfo/www/.htaccess didn't work for adding password protection inside /test:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/(test|test/.*)$
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

If I attempt the password protection in /test, then it's 404 not found, and if I remove the password protection (which I can't leave like that), then it resolves fine.

My linux admins are telling me this is outside the scope of that they can help me with (which is really lame).  I greatly appreciate any help, as well as recommendations for an affordable linux admin!!  

Thank you so much,
Alan
centerforwardAsked:
Who is Participating?
 
Jason C. LevineNo oneCommented:
*IF* I remove the .htaccess from /home/centerfo/www/test/, (ie NO password protection), THEN it comes up fine.  But as soon as I put the .htaccess back (because I NEED password protection), the 404 not found comes back.

This is a long-time issue with WordPress when attempting to protect a subdirectory.  Otto (one of the WordPress core developers) addresses it here:

http://wordpress.org/support/topic/htaccess-and-subdirectories

Read through that thread to see why it happens.  Quoting:

.htaccess files are additive. Whenever you request a page, the webserver basically goes through every directory down the tree from the root (specified by the closest match of <Directory ...> in the httpd.conf file), and adds all the .htaccess files together. As it traverses them, it parses each one. Later .htaccess files override previous ones, but only for the same specified items. RewriteRules are cumulative.

So what I think is going on is that the authorization in the password protected directory is forcing a 401 response ("Authorization Required") back to the client. Normally, the client would get the 401 and ask for a password.

However, in this case, this 401 response is intercepted by the WordPress RewriteRules which says to rewrite everything to WordPress. This is because .htaccess's are cumulative and your closest matching Directory is the root.

The solution (which is somewhat easy to miss) is:

In WordPress's .htaccess file, add this to the top of the file:

ErrorDocument 401 /path/to/onerror.html

See if that makes any difference. If it doesn't, add another line with 403 instead of 401.
0
 
centerforwardAuthor Commented:
YES ,,,,, THAT DID IT!!!!

Worked perfect.  Just added that dummy file, and the line and path to it in the main WP .htaccess.  As long as the sub .htaccess and .htpasswd are set up right, it finally prompts the pw login and works perfect. !

That has been driving me crazy for WEEKS man.  What a random and tricky solution,, I'm so glad you remembered that link and where to find it.  

THANK YOU SO MUCH !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.