Password Protecting a WordPress installed in a directory of a WordPress install?

  • Hi everyone,

    So I’m working on a draft of a WordPress site in a live environment. I want to password protect it. This draft is at myurl.com/test/wordpress2/ and myurl.com has WordPress installed on it as well. I’ve looked up a zillion articles about .htaccess and WordPress but none of them seem to deal with having a WordPress below a WordPress.

    I’ve tried a number of configurations that variously end in either a 500 error or a 404 error.

    Here’s what I have as .htaccess at myurl.com/

    ErrorDocument 401 /MYURL.COM/onerror.html
ErrorDocument 403 /MYURL.COM/onerror.html

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/(failed_auth\.html).*$ [NC]
RewriteRule . - [L]
</IfModule> 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

    And here’s what I have at myurl.com/test/

    ErrorDocument 401 /MYURL.COM/test/onerror.html
ErrorDocument 403 /MYURL.COM/test/onerror.html

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/(failed_auth\.html).*$ [NC]
RewriteRule . - [L]
</IfModule> 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

AuthType Basic
AuthUserFile /MYURL.COM/test/.htpasswd
AuthName “Password protected area”
require valid-user
The .htpasswd file is at myurl.com/test/.htpasswd

    Can anyone help me figure out why this is producing a 404? I have no idea. The guides I’ve looked up for fixing this problem led me to the ErrorMessage 401 / 403 lines, but I suspect it’s something about the order and number of my .htaccess files.

Viewing 5 replies - 1 through 5 (of 5 total)

  • Hi there,

    What’s the URL you are trying which results in the 404?

    Thanks

    Gregor

    Hey,

    I’ve just had a better look at your code…

    lets look at this line
    ErrorDocument 401 /MYURL.COM/test/onerror.html

    The initial forward slash before the MYURL.COM represents the root directory of your site. So in this case it will be looking in the root for a directory called ‘MYURL.COM’, inside which is a directory called ‘test’ and inside which is an HTML file called ‘onerror.html’. (ie this normally equates to the URL – https://www.myurl.com/MYURL.COM/test/onerror.html&#8217;) This will probably be giving you the 404.

    For .htaccess, this should be relative to your server root (ie /home/<username>/public_html/test/.htpasswd)

    I’d adjust these first and see where we are at that point, so…

    Here’s what I have as .htaccess at myurl.com/ 

    ErrorDocument 401 /onerror.html
ErrorDocument 403 /onerror.html

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/(failed_auth\.html).*$ [NC]
RewriteRule . - [L]
</IfModule> 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

    And here’s what I have at myurl.com/test/ 

    ErrorDocument 401 /test/onerror.html
ErrorDocument 403 /test/onerror.html

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/(failed_auth\.html).*$ [NC]
RewriteRule . - [L]
</IfModule> 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

AuthType Basic
AuthUserFile /home/<username/public_html/test/.htpasswd
AuthName “Password protected area”
require valid-user

    Thanks

    G

    Thread Starter nora.pinafren

    (@norapinafren)

    Thanks for your help, Gregor! I changed everything to your suggestions, but still get a 404 error at myurl.com/test/ and myurl.com/test/wordpress2.

    May I ask why the AuthUserFile doesn’t follow the same route as the onerror.html file? I.e., why doesn’t it need to say /test/.htpasswd instead of /home/USERNAME/public_html/test/.htpasswd? Maybe that’s the problem?

    Okay, try to narrow down where the error is occurring – step by step.

    Remove the second .htaccess in the /test/ directory and concentrate on the top level one. This top level one is simple enough. It will redirect any 401s and 403s for the entire site to https://www.MY-URL.com/onerror.html. For the moment remove the WP blocks and leave just the two ErrorDocument lines. Nice and simple.

    This may be an obvious step but make sure you can access https://www.MY-URL.com/onerror.html directly in a browser.

    I’d remove everything from the second .htaccess except for the last four lines for the moment. Have you changed ‘/home/<username>/public_html/test/.htpasswd’ to match your server root address? This will protect this directory.

    You don’t need to re-assign the 401/403 locations in the sub htaccess, (aren’t these files located within the password restricted directory? Therefore when someone can’t login, they wont be able to access these files either?) if you leave the 401/403 settings to the top level, this will apply to the sub directories too.

    At this point any 401s/403s from the subdirectory will redirect to onerror.html in the top level.

    If this now works I’d add the second WP block back into the top level .htaccess file. Leave out the first block that includes “failed_auth\.html”.

    The next issue is that the WP block in the sub .htaccess file, rewrites subdirectory permalinks to the top level rather than the sub directory. So this can then be added along the lines of:

    <IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /test/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /test/index.php [L]
</IfModule>

    Not sure about the whys and hows around the relative/absolute locations – you can also use a full URL (https://www.MY-URL…&#8230;. etc) in place of the error file locations but it may not sit well with some servers.

    Let me know how you get on – hope you can follow my suggestions! They’re not exactly clear ??

    Thread Starter nora.pinafren

    (@norapinafren)

    Thanks for the suggestions! I tried them all, plus just about every combination of location and htaccess I could come up with, but I keep getting 500s.

    Is there something I’m maybe missing about the Rewrite rules that would be different because test/wordpress2 has a wordpress install but so does just myurl.com?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Password Protecting a WordPress installed in a directory of a WordPress install?’ is closed to new replies.