{"id":369,"date":"2011-03-21T22:31:43","date_gmt":"2011-03-21T11:31:43","guid":{"rendered":"http:\/\/howden.net.au\/thowden\/?p=369"},"modified":"2011-03-21T22:31:43","modified_gmt":"2011-03-21T11:31:43","slug":"wordpress-404-error-password-admin-directory","status":"publish","type":"post","link":"https:\/\/howden.net.au\/thowden\/2011\/03\/wordpress-404-error-password-admin-directory\/","title":{"rendered":"WordPress gives 404 error with password protect on wp-admin directory"},"content":{"rendered":"<p>Damn, but that was a long-winded process. I&#8217;ve just spent the better part of 4 hours reading and researching why I get (got, its fixed now)\u00a0 404 errors from wp-admin when I enabled .htaccess Authentication (htpasswd) for the wp-admin directory. It only happened with WordPress MU \/ Network config.<\/p>\n<p>googling for this error ends up with a mountain of irrelevant threads, inconclusive discussion, and unanswered questions.<\/p>\n<p>WordPress single user 3.1 is not affected by this as there are no ReWrite rules required for the wp-admin. The issue only occurs with MU or Network as it is now called in WP 3.0+ as there is a set of ReWrite rules in the .htaccess file that look like this:<\/p>\n<blockquote><p>\nRewriteCond %{REQUEST_FILENAME} -f [OR]<br \/>\nRewriteCond %{REQUEST_FILENAME} -d<br \/>\nRewriteRule ^ &#8211; [L]<br \/>\nRewriteRule  ^[_0-9a-zA-Z-]+\/(wp-(content|admin|includes).*) $1 [L]<br \/>\nRewriteRule  ^[_0-9a-zA-Z-]+\/(.*.php)$ $1 [L]<br \/>\nRewriteRule . index.php [L]\n<\/p><\/blockquote>\n<p>The issue is that the prompt for the username and password that should happen automagically cannot occur due to the rewrite rules.<\/p>\n<p>The rewrite rules are to look for a valid directory or file and if it is not a valid directory or file then redirect to the index.php which is what happens as the htpasswd AuthConfig process is not a valid file or directory (apparently &#8211; umm, so what is it? like is there another rewrite rule that would avoid this? obscure Apache voodoo)<\/p>\n<p>The fix is to create a valid file as an ErrorDocument directive for a 401 or 403 error (Authorisation errors) and have this at the top of the .htaccess file so that Apache will return a valid file flag and therefore allow the AuthConfig prompt to occur.<\/p>\n<p>Edit your top level .htaccess above the section for #Rewrite for WordPress<\/p>\n<blockquote><p>\nErrorDocument 401 \/myerror.html<br \/>\nErrorDocument 403 \/myerror.html\n<\/p><\/blockquote>\n<p>if you dont want to put this dummy file in your site root then add the path to the filename<\/p>\n<blockquote><p>\nErrorDocument 401 \/[path_to_file]\/myerror.html<br \/>\nErrorDocument 403 \/[path_to_file]\/myerror.html\n<\/p><\/blockquote>\n<p>Then just create an empty file with that name in the appropriate path.<\/p>\n<p>The references that I used were:<br \/>\n<a href=\"http:\/\/www.scratch99.com\/2008\/10\/password-protecting-the-wp-admin-folder\/\">http:\/\/www.scratch99.com\/2008\/10\/password-protecting-the-wp-admin-folder\/<\/a><br \/>\nWhich is where I finally found a decent reference that was related to the issue and that blog referenced this one,<\/p>\n<p><a href=\"http:\/\/developedtraffic.com\/2007\/05\/27\/wordpress-admin-password-protection-404\/\">http:\/\/developedtraffic.com\/2007\/05\/27\/wordpress-admin-password-protection-404\/<\/a><br \/>\nWhich pointed me at TextPattern <a href=\"http:\/\/textpattern.com\/faq\/173\/password-protected-directories-with-htaccess\">http:\/\/textpattern.com\/faq\/173\/password-protected-directories-with-htaccess<br \/>\n<\/a><br \/>\nand for good measure, this site helped to complete my understanding of why this process works.<br \/>\n<a href=\"http:\/\/www.ju-ju.com\/2006\/03\/17\/wordpress-404-error\">http:\/\/www.ju-ju.com\/2006\/03\/17\/wordpress-404-error<br \/>\n<\/a><br \/>\nThanks to the authors of each of those sites.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Damn, but that was a long-winded process. I&#8217;ve just spent the better part of 4 hours reading and researching why I get (got, its fixed now)\u00a0 404 errors from wp-admin when I enabled .htaccess Authentication (htpasswd) for the wp-admin directory. It only happened with WordPress MU \/ Network config. googling for this error ends up [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,24],"tags":[],"class_list":["post-369","post","type-post","status-publish","format-standard","hentry","category-security","category-wordpress-links"],"_links":{"self":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/comments?post=369"}],"version-history":[{"count":0,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/369\/revisions"}],"wp:attachment":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/media?parent=369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/categories?post=369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/tags?post=369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}