1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 4:24 pm May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

.htaccess, wordpress and protected directories

         

kerchmcc

6:35 pm on Oct 21, 2008 (gmt 0)

10+ Year Member



I've got a problem with .htaccess, WordPress, and a protected directory.

The main site is a WP blog. There is a second WP blog in a subdirectory /members/
I want to restrict the folder /members/ to logged in members only

So far nothing I've tried has made the passwords protect anything.
You can just go to the site and look at everything. No password required.

The .htaccess and .htpassword are in the /members/ directory which is not the root of the site.

Because of some notion about the .htaccess files being cumulative.. or something.. I tried taking out the file in the root directory.. but that didn't do anything either.

Here's the Site structure:

/cgi-bin/
/home/ a public blog
/circle/ a different public blog
/images/
/library/
/search/
/members/ content/ a private blog (index.php for this blog is in the /members/ folder)
/members/content/BOD/ a different private blog

I got some direction here: [webmasterworld.com ]
and some from Andrew Rollins' site.

But without success.

Here's what I currently have as .htaccess in the /members/ folder 


ErrorDocument 401 /members/error-401.html 
ErrorDocument 400 /members/error-400.html 
ErrorDocument 403 /members/error-403.html 
ErrorDocument 404 /members/error-404.html 
ErrorDocument 410 /members/error-410.html 
ErrorDocument 500 /members/error-500.html 
#
<IfModule mod_rewrite.c>
RewriteEngine on
# BEGIN WordPress (modified)
# If requested URL-path does not start with "/members/"
RewriteCond %{REQUEST_URI} !^/members/
# and requested URL_path does not resolve to existing file
RewriteCond %{REQUEST_FILENAME} !-f
# and requested URL-path does not resolve to existing directory
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{QUERY_STRING} ^/members$ 
# rewrite the request to WordPress
RewriteRule . /index.php [L]
</IfModule>
# END WordPress


AuthUserFile /mnt/local/home/.../members/.htpassword
AuthGroupFile /dev/null
AuthName "Only approved member access to this directory"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
Order allow,deny
Satisfy any

I have been studying and looking for days. I want to scream!
Each time I think I've found the answer, I get bupkiss.
I gotta walk away for a while.

Will sure appreciate any help.
Thanks
kerch

[edited by: jdMorgan at 7:01 pm (utc) on Oct. 21, 2008]
[edit reason] No URLs, please. [/edit]

jdMorgan

7:00 pm on Oct 21, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Probably the "satisfy all" along with the missing "Allow from." Try: 

AuthUserFile /mnt/local/home/.../members/.htpassword
AuthGroupFile /dev/null
AuthName "Only approved member access to this directory"
AuthType Basic
Require valid-user
#
Order Deny,Allow
Deny from <space-delimited-list-of-unwelcome-IP-addresses>
Allow from all
Satisfy all

Do not use <Limit GET POST> unless you wish to *allow* PUT, DELETE and all other methods not listed. See additional info in Apache core documentation Require [httpd.apache.org] directive.

Jim

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 4:24 pm May 2, 2026