How can I access a password protected directory when htaccess redirects to 404?

Question

I have a wordpress install with the following htaccess:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_URI} !^/secure-area/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

and a directory /public_html/secure-area/ which has been protected using cPanel.

If I turn off prettylinks in Wordpress, I can access the directory normally, but otherwise, I am redirected to the WP 404 page.
I can access a directory that is not password protected without any problems.

I'm asking here because this is an htaccess problem, not just wordpress specific, and the answers I've seen over here seem better qualified.

Many thanks, Tim

Similar questions which don't address password protected directories:

score 1 · Answer 1 · answered Oct 10 '11 at 11:12

1

I was having the same problem and this worked for me: http://support.aiso.net/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=246

Just switch the 401 Error Document line to read: ErrorDocument 401 default

answered Oct 10 '11 at 11:12

turtlemonvh

9,149
6
47
53

The link seems broken. – palacsint Feb 03 '18 at 21:32
Yep, looks like you are right. And I have no idea what it said since this was 7 years ago, sorry! – turtlemonvh Feb 04 '18 at 22:54

score 1 · Answer 2 · answered Mar 08 '12 at 02:29

The 404 is from not having "401" Error document - one is specified by default with cpanel but not usually not set up by the host. I created a blank document and added this to my .htaccess:

ErrorDocument 401 /empty.html

I did this to protect my wp-admin folder from future/unknown Wordpress exploits after someone defaced my site.

score 0 · Answer 3 · answered Jun 14 '20 at 01:27

0

ErrorDocument 401 default

Add this as the first line in htaccess. Worked for my wordpress site which kept redirecting to 404 page.

answered Jun 14 '20 at 01:27

jaykwapong

31
3

Can you provide any limitations, assumptions or simplifications in your answer. See more details on how to answer at this link: https://stackoverflow.com/help/how-to-answer – Usama Abdulrehman Jun 14 '20 at 04:04

score 0 · Answer 4 · answered Aug 31 '11 at 12:24

I'm still interested in solving this, because I'd like a portable solution, but my workaround is that I've removed password protection and restricted access to my own IP address.

I added an htaccess file in the /secure-area/ directory with the following code from Perishable Press - Studpid htaccess tricks:

# deny all except those indicated here
<Limit GET POST PUT>
 order deny,allow
 deny from all
 allow from x.x.x.x
 allow from .*domain\.com.*
</Limit>

I've got a few scripts i run in there, so i also add:

# enable directory browsing
Options All +Indexes

for ease of use, given that it (should be) a secure directory.

I'm interested in hearing whterh this is a silly, insecure way of going about things :) Ta

score 0 · Accepted Answer · answered Oct 05 '11 at 21:19

I had this same problem under cPanel. In my case it was due to the "~/.htpasswds/public_html/secure-dir/passwd" file/directory not having the correct permissions. I called the hosting company and they chown'd the file with the correct permissions and it worked.

It really had me stumped in that it looked like the directory protection was working b/c it was popping up the AUTH window. But when Apache went to verify the passwd it would choke and serve the WP standard 404 page.

great, thanks Matt! (hmm.. don't seem to be receiving notifications for this thread..) — ptim, Oct 10 '11 at 05:30

How can I access a password protected directory when htaccess redirects to 404?

5 Answers5