Solved

Need to exclude an .htaccess/.htpasswd protected subdirectory from WordPress toplevel .htaccess

Posted on 2014-01-03
2
1,352 Views
Last Modified: 2014-01-04
For years, I had a subdirectory such as

http://www.centerforward.com/test

available to myself for my personal use, password protected with .htaccess and .htpasswd, ie an .htaccess in /test with:
---------------------------------------------------
AuthUserFile /home/centerfo/public_html/test/.htpasswd
AuthGroupFile /dev/null
AuthName "Authorized user"
AuthType Basic

<Limit GET>
require user testuser
</Limit>
---------------------------------------------------
(with a corresponding .htpasswd that allowed "testuser" to login and see /test.

But when I made centerforward.com a WordPress site instead of a handcoded site, WordPress came with its own .htaccess that messed up my /test from working, and instead of resolving with the password login prompt, it would resolve to my WP website with a "404 Page not found" - as you can see now:

http://www.centerforward.com/test/

*IF* I remove the .htaccess from /home/centerfo/www/test/, (ie NO password protection), THEN it comes up fine.  But as soon as I put the .htaccess back (because I NEED password protection), the 404 not found comes back.

This link seemed to address my problem:

http://tanyanam.com/technology/wordpress-exclude-directory-from-url-rewrite-with-htaccess

But her solution for /home/centerfo/www/.htaccess didn't work for adding password protection inside /test:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/(test|test/.*)$
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

If I attempt the password protection in /test, then it's 404 not found, and if I remove the password protection (which I can't leave like that), then it resolves fine.

My linux admins are telling me this is outside the scope of that they can help me with (which is really lame).  I greatly appreciate any help, as well as recommendations for an affordable linux admin!!  

Thank you so much,
Alan
0
Comment
Question by:centerforward
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 500 total points
ID: 39755099
*IF* I remove the .htaccess from /home/centerfo/www/test/, (ie NO password protection), THEN it comes up fine.  But as soon as I put the .htaccess back (because I NEED password protection), the 404 not found comes back.

This is a long-time issue with WordPress when attempting to protect a subdirectory.  Otto (one of the WordPress core developers) addresses it here:

http://wordpress.org/support/topic/htaccess-and-subdirectories

Read through that thread to see why it happens.  Quoting:

.htaccess files are additive. Whenever you request a page, the webserver basically goes through every directory down the tree from the root (specified by the closest match of <Directory ...> in the httpd.conf file), and adds all the .htaccess files together. As it traverses them, it parses each one. Later .htaccess files override previous ones, but only for the same specified items. RewriteRules are cumulative.

So what I think is going on is that the authorization in the password protected directory is forcing a 401 response ("Authorization Required") back to the client. Normally, the client would get the 401 and ask for a password.

However, in this case, this 401 response is intercepted by the WordPress RewriteRules which says to rewrite everything to WordPress. This is because .htaccess's are cumulative and your closest matching Directory is the root.

The solution (which is somewhat easy to miss) is:

In WordPress's .htaccess file, add this to the top of the file:

ErrorDocument 401 /path/to/onerror.html

See if that makes any difference. If it doesn't, add another line with 403 instead of 401.
0
 

Author Closing Comment

by:centerforward
ID: 39756653
YES ,,,,, THAT DID IT!!!!

Worked perfect.  Just added that dummy file, and the line and path to it in the main WP .htaccess.  As long as the sub .htaccess and .htpasswd are set up right, it finally prompts the pw login and works perfect. !

That has been driving me crazy for WEEKS man.  What a random and tricky solution,, I'm so glad you remembered that link and where to find it.  

THANK YOU SO MUCH !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring a wordpress site from a host or local dev server to another host can be a pain. So I've included my steps on how I have accomplished this task. Steps include an assumption that you have Cpanel access or Ftp access.. If you do not hav…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
The purpose of this video is to demonstrate how to Import and export files in WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Click on Too…
The purpose of this video is to demonstrate how to integrate Mailchimp with WordPress, by placing a Mailchimp signup form on a WordPress Page or Post. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchi…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question