Hacksar

If you have ever used WordPress on any of your websites, you may have noticed that it likes to take over everything that’s in its subdirectories and redirect any error 404’s (file not found) to its own custom error page. This is a very big problem when you try to password protect a directory using an .htaccess file (or through cPanel). WordPress will grab that page and redirect it to “file not found”, since it asks you to log in (but WP doesn’t like that). Thankfully, there are two solutions that may work for you. Keep reading to see them.

The root cause of this is WordPress’s .htaccess file. Open up the .htaccess file that’s in your WP root folder. You will see a section that has things like RewriteCond and RewriteRule, etc. Right above all the RewriteCond’s, add the following line with the word “folder” replaced by the name of the directory you want to password. Note that the pipe (|) means or, so this will not redirect both www.site.com/folder OR www.site.com/folder/ OR www.site.com/folder/stuff.html.

RewriteCond %{REQUEST_URI} !^/(folder|folder/.*)$

This theoretically should exempt all links that have the name of the folder in them from being redirected by the WordPress rules.

However, it does not always work. Also, it is a pain because every time you add a new passworded directory, you have to edit this file and add it. There is a quick, easy, and effective solution that has a higher success rate that also works for ALL passworded directories, and doesn’t need to be modified once set up.

To do this, create a blank file (or you can just have <html></html> in it, the contents do not matter at all – it’s just a placeholder) and name it something with an html extension. (A good name would be 401.html if you can’t think of anything.) Upload this file in the root of your WordPress installation, and to the .htaccess file, add the following code at the very top.

ErrorDocument 401 /path/to/401.html
ErrorDocument 403 /path/to/401.html

The /path/to/401.html should be replaced with the server path to the file. (It usually is something like /home/username/public_html/401.html assuming you’re on a Linux server and have WordPress installed to the root.) You should now have no problem accessing your password protected directories, even with WP installed!

Hopefully, one of these two methods worked for you. I personally tried both, but while the first one failed for me, the second one worked. So, you just have to try it until it works.

Did you like what you read? Be sure to get the latest posts emailed straight to you or subscribe to our RSS feed for the latest posts.