Using WordPress’s permalink feature seems to cause some issues with password protected directories that use Apache’s .htaccess to handle authentication. I recently had to troubleshoot why after installing WordPress on the root level of the domain that a password protected directory would return a 404 page instead of the typical login box.
The problem comes from the Apache rewrite engine that WordPress uses to make search engine friendly URL’s. WordPress uses a .htaccess file in the root folder of the install to take any URL and allow WordPress to process and serve the appropriate page, or error.
What Exactly Is Breaking User Logins
In this condition the Web server thinks that the HTTP data stream sent by the client (ex. a web browser) was correct, but access to the URL requires user authentication which has not yet been provided or which has been provided, but failed authorization tests. This is commonly known as “HTTP Basic Authentication” or HTTP Error 401 Unauthorized.
Generally this error message means you need to log on (enter a valid user ID and password) somewhere first. If you have just entered these and then immediately see a 401 error, it means that one or both of your user ID and password were invalid for whatever reason (entered incorrectly, user ID suspended etc.).
Let’s Fix Directory Listing Too
Another issue could be a HTTP Error 403 Forbidden. The Web server thinks that the HTTP data stream sent by the client (ex. your web browser) was correct, but access to the resource identified by the URL is forbidden for some reason. The most common reason for this error is that directory browsing is forbidden for the Web site. Most Web sites want you to navigate using the URLs in the Web pages for that site. They do not often allow you to browse the file directory structure of the site.
Understanding What it All Means
Now that we know what is causing the errors it is time to fix them. We will perform the solution by placing a couple of ErrorDocument handlers at the top of the .htaccess to pre-empt the WordPress .htaccess rules.
There are a couple of scenarios we will be preventing WordPress from handling. If there are 401 errors (directory authentication) it will send the user to an error page. If there is a 403 error code (a forbidden directory situation) it will send the user to an error document as well. The WordPress permalinks rule never gets processed and will be ignored for these two errors.
Editing the WordPress .htaccess is Simple Solution
The first thing you need to do is locate your WordPress directory. This is often either your www directory or public_html directory. Locate your .htaccess file and open it using any text editor. If you do not see this file you can simply create one using any text editor (such as Notepad on Windows).
Update the .htaccess file before the WordPress information and add the following two lines of code:
ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html
The finished .htaccess should look like:
ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
Victory!
Make sure your FTP program is set to upload as ASCII. Upload the .htaccess file to your home directory (often public_html or www). You can also upload an error.html to the root directory.
Attempt to access a directory that is password protected will now give you the popup box you were expecting in the first place, so you can enter your login credentials and gain access as normal.
We also learned how to process 401 and 403 errors in the process using Apache’s ErrorDocument directive using .htaccess in the process.
Thanks. Just what I needed and had been looking for over a month.
Yep O This is Just what I needed … My WordPress was installed in the root /public_html folder so website.com/
but I also had a folder in there called members …that was password protected
by its own .htacces folder:
I then Found this Lovely Bit of info 🙂
and just copied: To my roots .htaccess folder i found it a bit strange because there is no such file as error.html …but what ever
IF IT WORKS IT IS RIGHT
ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
THANKS AGAIN !
Pingback: Inhoud van aangepaste map browsen in een Wordpress website
Thank you! A nice and simple solution to a problem that’s been bugging me for two nights now. It was surprisingly hard to come by solid information on the subject. You also helped me tidy up my .htaccess file and gained a new subscriber. 🙂
Tuomas I am glad you were able to locate the solution you needed to fix your problem.
Thank you a lot
You really solved my problem!
I searched “password protected directories 404” (no quotes) in Google. Your article is #1 and I am glad of it.
I have a fair number of sites floating’ around these days. Couldn’t figure out why the password protect feature wouldn’t work for some.
It was the WordPress in the root causing what I assumed was a 404.
Thank You for the enlightenment and the solution!
Glad to hear this article was able to help.
Your fix worked perfectly on my WordPress site. I don’t know how you figure this stuff out but I’m glad you’re generous with your knowledge and time.
I wasted hours “trouble shooting” the problem until I looked for help and found your site. Very nice!
Thank you so much.
Bill P.
I am so grateful for your instructions. There are clear and very professional. It solved the problem completely. I wish you a creative week ahead.
Warm wishes,
Antti Haverinen
i have my website with permalink, till now everything was fine, but few days before i changed my permalink, now everything is going wrong, now each and every page i am getting 404, even my about-us and contact us pages, they are giving me 404 page if i come to my site from google or any search engines, then also it gives me 404 i have 1000+ posts on my website, for each post & page from google i get 404 page, but within the website except pages i get no 404 page my previous permalink was, %postname%/%category%/
now i added custom taxonomy to my permalink, so it is %location%/%courses%/%postname%
how can i change ?????
awesome..works like a charm
For me, don’t work.
Really ask for login and password, but always said Login/pass incorrect.
The article has been of great use for me.
I wasted almost 5 hours trying to find out myself as to why was I getting Page Not Found error
Thanks again
Thank you so much Gino, I will try this one on my blog.
Thanks Gino I have so many 404 error on my blog. I will try this one.
John
I am new to word press, I will try this solution. Thank you Gino.
Mark
Awesome solution – worked like a charm! Thanks so much for sharing this information.
Great stuff, worked beautiful. Cheers
Thanks mate! Perfect.
Pingback: The Onion » The Fix:
Thank you so much for posting this. I followed your steps for my site as well, but it seems that it is not working, although I do get prompted for username/password, every time I put them in, it just does not open the folder, rather showing the login screen again.
This is my link:http://ads.pe/1dI0ukh
Any ideas?
Server is Linux/cPanel.
Thanks!
This worked for me, thank you :).
great post, very informative. I’m wondering why the other specialists of this sector don’t understand
this. You should proceed your writing. I’m confident, you have a great readers’ base already!
Thanks a lot bro. working fine.
I was also facing the same thing. Thanks a lot
thanks for this informative article.
404 errors are commons to WordPress but you can find very less solution. Thanks.
Thanks Gino. Again I am someone else your info has helped, very good, I was almost giving up on the problem! Some notes that may be useful to other folk….
My WP site was installed in the root public_html folder (hence this whole problem as explained by Gino).
I used PuTTY to get shell access to my web space, made a backup copy of my already existing .htaccess, then used “vi” to edit the .htaccess file.
I also added a change recommended on another website to the line
RewriteRule . /index.php [L]
changing it to
RewriteRule ./ /index.php [L] (note the extra slash)
But the key to really making it work was your info about adding the pointers to the error 401 and 403 pages (I logged into my cPanel and used the convenient Advanced->Error Pages feature to create the pages in root public_html folder) and then added:-
ErrorDocument 401 /401.shtml
ErrorDocument 403 /403.shtml
into the top of my my .htaccess file. Note cPanel created these as .shtml files in my site ROOT (public_html), so the actual error page is /401.shtml (not ./ and change .html to .shtml). These are subtle changes people not Linux savvy should be aware of.
Thanks again
Jim
PS. Time to clean up some of those annoying spam comments above!? 😉
This works but the only issue is if the viewer clicks cancel it goes to a page with error.html in the top left corner. Is there any way to make it re-direct to the home page of the site?
ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
This is all you need
DirectoryIndex index.php
Options -Multiviews
Options All -Indexes
Options +FollowSymLinks
ErrorDocument 401 default
ErrorDocument 403 default
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
I really need to fix this on my website, thanks.
Superb Blog
Really Amazing Post!
Thank you! Spent a lot of time trying to find how to fix this and then found this page, all working perfectly now. Thanks again
This was brilliant. Strong with the Force this one. Thank you!