Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Need to exclude an .htaccess/.htpasswd protected subdirectory from WordPress toplevel .htaccess

Posted on 2014-01-03
2
1,291 Views
Last Modified: 2014-01-04
For years, I had a subdirectory such as

http://www.centerforward.com/test

available to myself for my personal use, password protected with .htaccess and .htpasswd, ie an .htaccess in /test with:
---------------------------------------------------
AuthUserFile /home/centerfo/public_html/test/.htpasswd
AuthGroupFile /dev/null
AuthName "Authorized user"
AuthType Basic

<Limit GET>
require user testuser
</Limit>
---------------------------------------------------
(with a corresponding .htpasswd that allowed "testuser" to login and see /test.

But when I made centerforward.com a WordPress site instead of a handcoded site, WordPress came with its own .htaccess that messed up my /test from working, and instead of resolving with the password login prompt, it would resolve to my WP website with a "404 Page not found" - as you can see now:

http://www.centerforward.com/test/

*IF* I remove the .htaccess from /home/centerfo/www/test/, (ie NO password protection), THEN it comes up fine.  But as soon as I put the .htaccess back (because I NEED password protection), the 404 not found comes back.

This link seemed to address my problem:

http://tanyanam.com/technology/wordpress-exclude-directory-from-url-rewrite-with-htaccess

But her solution for /home/centerfo/www/.htaccess didn't work for adding password protection inside /test:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/(test|test/.*)$
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

If I attempt the password protection in /test, then it's 404 not found, and if I remove the password protection (which I can't leave like that), then it resolves fine.

My linux admins are telling me this is outside the scope of that they can help me with (which is really lame).  I greatly appreciate any help, as well as recommendations for an affordable linux admin!!  

Thank you so much,
Alan
0
Comment
Question by:centerforward
2 Comments
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 500 total points
ID: 39755099
*IF* I remove the .htaccess from /home/centerfo/www/test/, (ie NO password protection), THEN it comes up fine.  But as soon as I put the .htaccess back (because I NEED password protection), the 404 not found comes back.

This is a long-time issue with WordPress when attempting to protect a subdirectory.  Otto (one of the WordPress core developers) addresses it here:

http://wordpress.org/support/topic/htaccess-and-subdirectories

Read through that thread to see why it happens.  Quoting:

.htaccess files are additive. Whenever you request a page, the webserver basically goes through every directory down the tree from the root (specified by the closest match of <Directory ...> in the httpd.conf file), and adds all the .htaccess files together. As it traverses them, it parses each one. Later .htaccess files override previous ones, but only for the same specified items. RewriteRules are cumulative.

So what I think is going on is that the authorization in the password protected directory is forcing a 401 response ("Authorization Required") back to the client. Normally, the client would get the 401 and ask for a password.

However, in this case, this 401 response is intercepted by the WordPress RewriteRules which says to rewrite everything to WordPress. This is because .htaccess's are cumulative and your closest matching Directory is the root.

The solution (which is somewhat easy to miss) is:

In WordPress's .htaccess file, add this to the top of the file:

ErrorDocument 401 /path/to/onerror.html

See if that makes any difference. If it doesn't, add another line with 403 instead of 401.
0
 

Author Closing Comment

by:centerforward
ID: 39756653
YES ,,,,, THAT DID IT!!!!

Worked perfect.  Just added that dummy file, and the line and path to it in the main WP .htaccess.  As long as the sub .htaccess and .htpasswd are set up right, it finally prompts the pw login and works perfect. !

That has been driving me crazy for WEEKS man.  What a random and tricky solution,, I'm so glad you remembered that link and where to find it.  

THANK YOU SO MUCH !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you think that WordPress is just for blogs?  Think again!  WordPress is really a fantastic all around platform that you can use to develop websites on.  Integrated into its basic functionality is the ability to create pages using your choice of a…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
The purpose of this video is to demonstrate how to manually back up a WordPress Database. This will be demonstrated using a Windows 8 PC. The Host used will be IPage.com Log into your Hosting account. IPage will be used for demonstration : Locat…
The purpose of this video is to demonstrate how to exclude a particular blog category from the main blog page. This is can be used when a category already has its own tab, or you simply want certain types of posts not to show up on the main blog. …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question