Learning Is Fun

Talks on Web Technology and Better Product Development

Password protect sub-directory in wordpress by htaccess

October18

Hello!

Recently a Canadian client of mine told me to look at an interesting wordpress problem. I regularly develop wordpress theme for him. He is a great artisitic designer of wordpress theme and I code theme to HTML & CSS. Whatever, my client told me that he wants to password protect a sub-directory “download”. He has done it from cPanel. He also created a user and permitted that user in that sub-directory. But it was not working.

Befoer I start, I want to clear that in this case wordpress was installed in root directory. One more thing is in this post i cannot write “.” and “htaccess” together. May be this is a security issue. If I write “.” and “htaccess” together, the post is not saved and I get a 404 error. So, I have written (dot)htaccess instead. Again, (dot)htpasswds instead of “.” and “htpasswds” together.

So I logged in to the cPanel to check what is happening actually. I found that whenever you password protect a sub-directory from cPanel, a new (dot)htaccess file will be created in that sub-directory. And the content of the (dot)htaccess file is less or more like as follows:

AuthType Basic AuthName “Authorized Area!”
AuthUserFile “/home/ftpusername/(dot)htpasswds/public_html/download/passwd”
require valid-user

And your password that you set from the cPanel will be encrypted and saved in a file (dot)htpasswds in the AuthUserFile location.

If this was not a wordpress site or it was a wordpress site (but custom Permalink not used; rather the Default used), you should not face problem in most cases. But when you use customized Permalink in wordpress to create beautiful links and try to protect a password, the password protection from cPanel does not work!

But do you know why? Here is the reason: in the root directory you installed wordpress and here there is a (dot)htaccess file. The settings in this file and the (dot)htaccess in your sub-directory (for example root_directory/download/(dot)htaccess) do not smoothly match with each other with since you are using Permalink plug-in to customize your URLs.

So, when you try to go to: http://www.yoursitename.com/download wordpress think that it is a post or page!

WordPress think this because you have enables permalink and this is quite correct and logical. But you know your download sub-directory is not a post but a folder/directory in the root folder. So, you need to do something so that wordpress does not confuse the following link as a post or page.

http://www.yoursitename.com/download

Here is the solution:
1. Open the (dot)htaccess file in http://www.yoursitename.com/(dot)htaccess
2. Find out the line # BEGIN WordPress
3. Just before this, add the following three lines:
# To bypass download directory
ErrorDocument 401 /%{REQUEST_URI}/myerror.html
ErrorDocument 403 /%{REQUEST_URI}/myerror.html
4. Save the (dot)htaccess file and upload in your root or installation directory.

Now go to http://www.yoursitename.com/download and check if it works. If everything is OK, you should get a prompt asking for a username and password that you set from the cPanel.

Here is my example:
Sub-directory download password protected: http://www.tanzilo.com/download
Permalink smoothly working: http://www.tanzilo.com/2008/10/18/password-protect-sub-directory-in-wordpress-by-htaccess/

Or you may install a shopping cart in location as in:

http://www.yoursitename.com/shop

This should work smoothly too as you see my example here:
http://tanzilo.com/shop

Although there is an application/software in the shop sub-directory, wordpress no more thinks it a post or page!

Thus, you can set (dot)htaccess, password protected sub-directory (i.e. /download/) and any other sub-directory (i.e. /shop/) in such a way that they will be living in happiness in the same home!

The last interesting thing is this solution is sometimes helpful in Drupal and in some other applications where (dot)htaccess and URL rewriting code do not fit together.

Thanks for reading.

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
posted under Blog, Wordpress
22 Comments to

“Password protect sub-directory in wordpress by htaccess”

  1. On October 24th, 2008 at 6:41 pm Directory Says:

    I have been searching on the net for directory and end up visiting your site. I really like the posts here, especially this one regarding ord protect sub-directory in wordpress by htaccess – Learning Is Fun. I already bookmarked your site and sure visit again.

  2. On October 24th, 2008 at 7:07 pm Tatiana Says:

    Very useful post. where can i find more articles no this subject ?

  3. On November 29th, 2008 at 7:33 am Michael Says:

    Genius, thanks for helping me to stop pulling my hair out

  4. On December 17th, 2008 at 12:34 pm tony Says:

    nice blog!! I really liked this blog.your post are good trip for me Thanks for sharing (:

  5. On December 18th, 2008 at 8:51 pm M Prindle Says:

    With WordPress v2.6 and older locking a sub directory like wp-admin worked with no issues. It’s only 2.7 and later that it’s broke. I don’t totally understand what the code is doing, but it works. :)

  6. On January 13th, 2009 at 6:13 pm Lou Lesko Says:

    Thank you so much for taking the time to post this you saved me a huge headache. You’re awesome.

  7. On January 30th, 2009 at 3:36 am tiherp Says:

    Thanks for sharing………informative……I like you layout…..itz cool man.

    Could you please refer any forum that I can get few different plugins.

  8. On January 30th, 2009 at 11:13 am admin Says:

    @ tiherp

    You are always welcome.

    The most wordpress plugin resources are here:
    http://wordpress.org/extend/plugins/

    And you may also find many other free and commercial plugins by Google search.

  9. On February 5th, 2009 at 1:02 am Carrrrrlos Says:

    Great! Thanks! :^)

  10. On March 28th, 2009 at 6:01 pm RaiulBaztepo Says:

    Hello!
    Very Interesting post! Thank you for such interesting resource!
    PS: Sorry for my bad english, I’v just started to learn this language ;)
    See you!
    Your, Raiul Baztepo

  11. On April 9th, 2009 at 7:01 pm Fishy Fred Says:

    Thanks for the useful information!

  12. On April 13th, 2009 at 11:05 pm Damir Says:

    You are a legend my friend. I am so thankful. You have saved me hours and hours worth of headaches. Thank You!!!

  13. On May 30th, 2009 at 6:22 am IndiaPoint Says:

    Very Useful Resource. Very well explained.

  14. On June 7th, 2009 at 10:37 am language learning software Says:

    Finally someone who can write a good blog ! . This is the kind of information that is useful to those want to increase their SERP’s. I loved your post and will be telling others about it. Subscribing to your RSS feed now. Thanks

  15. On July 9th, 2009 at 12:32 am Rob Says:

    Brilliant, i did wonder if it was due to the htaccess in the WP root, you’re a star thanks for the post.

  16. On August 12th, 2009 at 1:39 pm J. Pisano Says:

    This is exactly what I was looking for! I searched for hours trying to find a solution that WORKED. Your does. Brillant!

  17. On February 2nd, 2010 at 1:38 pm Kamesh Says:

    Superb !!!! Helped me a lot

  18. On February 15th, 2010 at 10:15 pm Josh Thomas Says:

    Life saver…..I repeat…..LIFE SAVER! Thank you for this.

  19. On February 28th, 2010 at 7:42 am Web Development Says:

    I spent a long time tinkering with apache until i realised the problem was wordpress! Thanks for the info.

  20. On March 25th, 2010 at 3:22 pm laura Says:

    I have no idea HOW that works, but it does. THANK YOU! :)

  21. On March 30th, 2010 at 10:42 am patris Says:

    tnx, so good

  22. On July 19th, 2010 at 2:45 am anthony Says:

    works perfectly thank you :)

Email will not be published

Website example

Your Comment: