Using WordPress’s permalink feature seems to cause some issues with password-protected directories that use Apache’s .htaccess to handle authentication. I recently had to troubleshoot why, after installing WordPress at the root level of a domain, a password-protected directory would return a 404 page instead of the typical login box.
The problem comes from the Apache rewrite engine that WordPress uses to make search-engine-friendly URLs. WordPress uses a .htaccess file in the root folder of the install to take any URL and allow WordPress to process and serve the appropriate page, or error.
What Exactly Is Breaking User Logins
In this condition the Web server thinks that the HTTP data stream sent by the client (e.g. a web browser) was correct, but access to the URL requires user authentication which has not yet been provided or which has been provided, but failed authorization tests. This is commonly known as “HTTP Basic Authentication” or HTTP Error 401 Unauthorized.
Generally this error message means you need to log on (enter a valid user ID and password) somewhere first. If you have just entered these and then immediately see a 401 error, it means that one or both of your user ID and password were invalid for whatever reason (entered incorrectly, user ID suspended etc.).
Let’s Fix Directory Listing Too
Another issue could be an HTTP Error 403 Forbidden. The Web server thinks that the HTTP data stream sent by the client (e.g. your web browser) was correct, but access to the resource identified by the URL is forbidden for some reason. The most common reason for this error is that directory browsing is forbidden for the Web site. Most Web sites want you to navigate using the URLs in the Web pages for that site. They do not often allow you to browse the file directory structure of the site.
Understanding What it All Means
Now that we know what is causing the errors it is time to fix them. We will perform the solution by placing a couple of ErrorDocument handlers at the top of the .htaccess to pre-empt the WordPress .htaccess rules.
There are a couple of scenarios we will be preventing WordPress from handling. If there are 401 errors (directory authentication) it will send the user to an error page. If there is a 403 error code (a forbidden directory situation) it will send the user to an error document as well. The WordPress permalinks rule never gets processed and will be ignored for these two errors.
Editing the WordPress .htaccess Is a Simple Solution
The first thing you need to do is locate your WordPress directory. This is often either your www directory or public_html directory. Locate your .htaccess file and open it using any text editor. If you do not see this file you can simply create one using any text editor (such as Notepad on Windows).
Edit the .htaccess file and add the following two lines of code before the WordPress information:
ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html
The finished .htaccess should look like:
ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
Victory!
Make sure your FTP program is set to upload as ASCII. Upload the .htaccess file to your home directory (often public_html or www). You can also upload an error.html to the root directory.
Attempting to access a password-protected directory will now give you the popup box you were expecting in the first place, so you can enter your login credentials and gain access as normal.
Along the way, we also learned how to handle 401 and 403 errors with Apache’s ErrorDocument directive in .htaccess.
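
A quick way to confirm the fix took effect, as an added example that is not part of the original article: the function below reads HTTP response headers (for instance from `curl -sI` run against your own protected directory) and reports whether the server issues the Basic authentication challenge, returns the 404 described above, or serves the directory with no login at all. The function name, verdict labels and sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the response headers of a password-protected directory.
# Live use (URL is a placeholder): curl -sI https://example.com/members/ | classify_auth_response

classify_auth_response() {
  # Reads raw HTTP response headers on stdin and prints one verdict word.
  awk '
    { sub(/\r$/, "") }                                # strip the CR of CRLF line endings
    /^HTTP\// { status = $2; challenge = 0; next }    # status line; resets for each header block
    tolower($0) ~ /^www-authenticate:[ \t]*basic/ { challenge = 1 }
    END {
      if (status == "401" && challenge) print "challenge-ok"          # login box will appear
      else if (status == "401")         print "401-without-challenge"
      else if (status == "404")         print "404-instead-of-login"  # the symptom in this article
      else if (status ~ /^2/)           print "served-without-login"  # directory is not protected
      else if (status == "")            print "no-status-line"
      else                              print "other-" status
    }'
}

# Constructed sample responses (not captured from a real server).
sample_broken() {
  printf 'HTTP/1.1 404 Not Found\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n'
}
sample_fixed() {
  printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="Members"\r\n\r\n'
}
sample_open() {
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

for s in sample_broken sample_fixed sample_open; do
  printf '%s -> %s\n' "$s" "$($s | classify_auth_response)"
done
```

A `served-without-login` verdict deserves the most attention: it means the directory's own authentication rules are not being applied at all.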

Thanks. Just what I needed and had been looking for over a month.
Yep O This is Just what I needed … My WordPress was installed in the root /public_html folder so website.com/
but I also had a folder in there called members …that was password protected
by its own .htaccess folder:
I then Found this Lovely Bit of info
and just copied: To my roots .htaccess folder i found it a bit strange because there is no such file as error.html …but what ever
IF IT WORKS IT IS RIGHT
ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
THANKS AGAIN !
Thank you! A nice and simple solution to a problem that’s been bugging me for two nights now. It was surprisingly hard to come by solid information on the subject. You also helped me tidy up my .htaccess file and gained a new subscriber.
Tuomas, I am glad you were able to locate the solution you needed to fix your problem.
Thank you a lot
You really solved my problem!
I searched “password protected directories 404” (no quotes) in Google. Your article is #1 and I am glad of it.
I have a fair number of sites floating around these days. Couldn’t figure out why the password protect feature wouldn’t work for some.
It was the WordPress in the root causing what I assumed was a 404.
Thank You for the enlightenment and the solution!
Glad to hear this article was able to help.
Your fix worked perfectly on my WordPress site. I don’t know how you figure this stuff out but I’m glad you’re generous with your knowledge and time.
I wasted hours “trouble shooting” the problem until I looked for help and found your site. Very nice!
Thank you so much.
Bill P.
I am so grateful for your instructions. They are clear and very professional. It solved the problem completely. I wish you a creative week ahead.
Warm wishes,
Antti Haverinen
I have my website with permalinks. Until now everything was fine, but a few days ago I changed my permalink and now everything is going wrong: on each and every page I am getting a 404, even my about-us and contact-us pages. If I come to my site from Google or any search engine, it also gives me a 404. I have 1000+ posts on my website, and for each post and page from Google I get a 404 page, but within the website, except for pages, I get no 404 page. My previous permalink was %postname%/%category%/
Now I have added a custom taxonomy to my permalink, so it is %location%/%courses%/%postname%
How can I change?
awesome..works like a charm
For me, it doesn’t work.
It really asks for login and password, but always says login/pass incorrect.
The article has been of great use for me.
I wasted almost 5 hours trying to find out myself why I was getting the Page Not Found error.
Thanks again
Thank you so much Gino, I will try this one on my blog.
Thanks Gino, I have so many 404 errors on my blog. I will try this one.
John
I am new to WordPress, I will try this solution. Thank you Gino.
Mark
Awesome solution – worked like a charm! Thanks so much for sharing this information.
Great stuff, worked beautiful. Cheers
Thanks mate! Perfect.
Thank you so much.
I have an add-on domain with wordpress, nested under a main domain with wordpress – worked for a pass protected folder in the add-on domain section.
Thank you!! Recently upgrading site to wordpress seemed to break my other password protected directories… a quick google found this article and it fixed it in 5 minutes!!
Much appreciated!
Thanks. I wish I’d found this about 3 hours earlier. I burned a ton of time tinkering with the WordPress .htaccess trying to make it exclude the sub-directories I had only to (finally) realize the existing rules already skipped real files/directories and my problem was elsewhere. Once I realized NOT to search for “make wordpress ignore subdirectories” but “make wordpress ignore protected subdirectories” I was here and fixed in no time. Thank you.
Thanks dude this worked perfectly! Looked everywhere to figure this out!
Adding the following two lines to the .htaccess in the protected directory did it for me.
ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html