Forum Moderators: phranque


Wordpress htaccess blocks access to password directories


bbmedia

2:21 am on Dec 2, 2011 (gmt 0)

10+ Year Member



In response to thread:
[webmasterworld.com...]

Problem:
As soon as Wordpress inserts modrewrite code into htaccess (i.e. for SEF URLs), any password-protected directories will give a 404 error (unless you've already logged into the directory; a Catch-22 situation).

The simplest solution is to create a subdomain for the sub directory and so bypass the whole Wordpress htaccess rewrite code.

So instead of <domainname>/subdir use subdir.<domainname>


1. Set up the subdomain in your DNS.
2. Add subdomain in your Cpanel (or whatever hosting admin you use).

Problem solved.

wilderness

2:35 am on Dec 2, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The simplest solution is to create a subdomain for the sub directory and so bypass the whole Wordpress htaccess rewrite code.


A simpler solution would be to remove WordPress entirely :)

bbmedia

2:51 am on Dec 2, 2011 (gmt 0)

10+ Year Member



However if you only have FTP access and not DNS/Cpanel access then the following tweak to your htaccess will be useful:

[change subdir to the name of your password-protected sub directory]

# BEGIN WordPress
<IfModule mod_rewrite.c>
# Rewrite rules are ignored unless the engine is switched on
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/subdir/ [OR]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress


A more complete Wordpress htaccess file is as follows, forcing browser caching, enabling server-based GZIP compression, redirect from www. to the primary domain name, the Wordpress upload fix, and then the standard SEF URL Wordpress modrewrite code with access to the password-protected subdir included.


# Set Expire Date
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/html "access plus 1 seconds"
ExpiresByType image/gif "access plus 2 years"
# Documents and archives use application/* MIME types, not image/*
ExpiresByType application/msword "access plus 1 weeks"
ExpiresByType application/pdf "access plus 1 weeks"
ExpiresByType application/zip "access plus 1 weeks"
ExpiresByType image/jpeg "access plus 2 years"
ExpiresByType image/png "access plus 2 years"
ExpiresByType text/css "access plus 2 years"
ExpiresByType text/javascript "access plus 2 years"
ExpiresByType application/x-javascript "access plus 2 years"
</IfModule>

# GZip if possible
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME} !^.+\.gz$
RewriteCond %{REQUEST_FILENAME}.gz -f
RewriteRule ^(.+) $1.gz [L]

# If subdomain www exists, remove it first
RewriteCond %{HTTP_HOST} ^www\.([^\.]+\.[^\.]+)$ [NC]
RewriteRule ^(.*)$ [%1...] [R=301,L]
# If requested resource does not exist as a file
RewriteCond %{REQUEST_FILENAME} !-f
# and does not end with a period followed by a filetype
RewriteCond %{REQUEST_URI} !\..+$
# and does not end with a slash
RewriteCond %{REQUEST_URI} !/$
# then add a trailing slash and redirect
RewriteRule (.*) $1/ [R=301,L]
</IfModule>

# WordPress upload fix
<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteBase /
RewriteCond %{REQUEST_URI} ^/subdir/ [OR]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

wilderness

3:03 am on Dec 2, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You may "tweak" your file even more by removing all the module containers.

The following lines are trouble as well.

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

I'm sure that lucy will be along shortly to add her spew, in this regard.

lucy24

4:27 am on Dec 2, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



To add my WHAT?

:-P

wilderness

4:32 am on Dec 2, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



your per betim on:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

lucy24

5:21 am on Dec 2, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The one time g###'s Suggested Alternate Spellings mind-reading routine might really have been useful...

Yes, the containers can go. You either have mod_rewrite or you don't. You either have mod_security or you don't. The <if module...> bits are only necessary when it's a generic htaccess that might end up anywhere.

Come to think of it, how did there get to be two entirely separate mod_rewrite chunks? If you don't keep them all together, sooner or later you will forget that one or the other exists. Or you will start subliminally acting as if one of them executes before the intervening modules and the other happens after. Brr.

# If subdomain www exists, remove it first

If g1 were not in an entirely different timezone, he would be stepping in just about now to say: Nuh-uh. Remove it last. Or add it, according to personal taste. The www-redirect goes at the very end, to pick up any requests that have not already been properly redirected. Put the most decisive action first: [F] before external [R=301] before internal rewrite. Within each type, go from most specific to most general.

The !-f and !-d package is almost always overkill. That's what we have 404 pages for. Unless, ahem, we subscribe to the redirect-everyone-to-index-page school. Different thread. Rewriting (not redirecting) any and all nonexistent pages to the Index page is... Uhm, not sure, but I think the technical term is SEO suicide.

:: detour to read up on mod_expires ::

Huh. I really, really do not want to meet a browser whose cache hasn't been emptied in two years.

:: now sitting back to wait for morning in the relevant time zone ::

g1smd

12:49 pm on Dec 2, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Or afternoon... :)

Caching beyond a week has no use whatsoever. Usefulness degrades within hours, and is almost useless within days.

Yes, the www redirect should be the last of the redirects and it should be immediately before the first of the internal rewrites.
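
The rule ordering lucy24 and g1smd describe above, written out as one mod_rewrite section. This is an added example, not code from any poster in the thread; example.com, the https scheme, the wp-config.php block and the /subdir/ pass-through rule are assumptions chosen for illustration.

```apache
# Added example. example.com and /subdir/ are placeholders; adjust both.
RewriteEngine On
RewriteBase /

# 1. Access denials ([F]) come first: most decisive action.
#    Illustrative rule: never serve the WordPress config file over HTTP.
RewriteRule ^wp-config\.php$ - [F]

# 2. External redirects ([R=301]), most specific to most general.
#    Add a trailing slash to extensionless URLs that are not real files.
#    Redirect straight to the canonical host so a www request needs
#    only one hop, not two.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !\.[^/]+$
RewriteCond %{REQUEST_URI} !/$
RewriteRule ^(.*)$ https://example.com/$1/ [R=301,L]

# 3. Canonical-host redirect: the last of the redirects, catching
#    anything that has not already been redirected above.
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

# 4. Internal rewrites begin only after every redirect.
#    Pass requests for the password-protected directory through
#    untouched, so the front-controller rule below never sees them.
RewriteRule ^subdir(/|$) - [L]

#    WordPress front controller (most general rule, so it goes last).
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
```

Keeping every rewrite rule in one section, as lucy24 suggests, makes the evaluation order visible at a glance. After deploying, request the protected directory without credentials and confirm the server answers 401 rather than 404 or 200.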

bbmedia

1:22 pm on Dec 2, 2011 (gmt 0)

10+ Year Member



Do you guys seriously sit around inserting banal posts and critiquing people all day for fun? Get a life.

Most people who search threads like this want directions or snippets of code to achieve specific aims. (Hence the snippets). Instead of spending your time re-pointing out how the standard rewrite code that Wordpress inserts into htaccess is flawed (The !-f and !-d package is almost always overkill), if you actually do have some knowledge and you really want to help the average web guy out there, why don't you contribute some posts with some useful examples that people can take away, instead of just sprouting and trolling? That's why I don't bother with forums, coz there's just a whole lot of noise, and very little practical assistance.

To start with the article was about password-protected directories - there's a dearth of information on this. Contribute something useful, coz I'm certainly not going to hang around to watch.

g1smd

1:38 pm on Dec 2, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



No practical assistance?

Have you read the last 75 000 threads?

Here, I'll point out problems with code beyond what was asked.

Does your garage clean your windows as asked, but let you drive out with a flat tyre?

And no, I haven't got time to "sit here all day". I'll breeze in a couple of times for a few minutes. I've got real work that puts food on the table to be getting on with.

wilderness

5:22 pm on Dec 2, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Most people who search threads like this want directions or snippets of code to achieve specific aims. (Hence the snippets).


Welcome to Webmaster World

Forum charter [webmasterworld.com]

It is not appropriate to expect other members to write your code for you or to debug your entire project; Please don't expect other members to solve a problem you don't want to begin solving yourself.

Don't get upset if someone has the answer but wants to provide you with resources and material to help you solve it on your own. After all, the most educational threads are those where members learn how to help themselves. Such threads also prove to be of most value the next time someone has a similar question.

Before posting a new thread, please try looking through the older posts in the forum index. Someone may have recently asked the same question, and you may benefit from the posted answers. Using the WebmasterWorld search function or the site-specific search feature of major search engines may help you find exactly what you are looking for on WebmasterWorld.

Please describe your server environment and include whatever research and testing you've done so far. This will help the members who are willing to help you, and increase their number, too. Better, more-detailed questions get faster, better, and more-detailed answers, since the other members won't have to ask you for more information.

Please do not post specific details such as domain names, full IP addresses, or personally-identifiable information such as name, e-mail address, IM screen name, etc. Such specifics will be edited or removed in accordance with our Terms of Service [webmasterworld.com], which may render your post meaningless. Please replace all instances of your domain name with "example.com" before posting.

Please do not post links to "test page" URLs, tiny-URLs, screen-shot URLs, personal URLs, or commercial URLs of any nature. Generally, .edu and .org URLs are OK. We prefer to direct members to authoritative non-commercial resources in order to prevent any possible conflicts of interest. Furthermore, posted example links may quickly become outdated, rendering the thread useless to someone reading it just a few months from now. Verbalized problem descriptions will be useful for years to come.

"Fix my code" and "Do my homework for me" threads:

This is a discussion forum, not a help desk or a free code-writing service; If you have a problem, please try to research it and then phrase your post in a manner conducive to general discussion of the issue. Rather than providing one-off solutions, we prefer to help people find resources to help themselves.

A general guideline for code-related problems is: Post your own code and describe what you hoped it would accomplish. Then describe how it fails and include all relevant information from your server error logs. Too-general posts in the form of "What code do I use to do this?" often go unanswered for a long time.

The following resources are often referenced in our Apache forum, and may help to answer or focus your questions.

Webmaster World Search next to LOGIN

Forum Library [webmasterworld.com]