I have a site which is in wordpress, there is one folder within root of that, Which is built in static php.
When i am trying to protect that site with .htaccess it conflicts with root .htaccess of wordpress.
I have placed the protection htaccess within the folder
this is what i put in webmaster directory .htaccess file but it goes 404
ErrorDocument 401 /401.html
AuthType Basic
AuthName "welvo maker"
AuthUserFile "/home/welvo/.htpasswds/public_html/webmaster/passwd"
require valid-user
Hello you can protect subfolder directory using .htaccess by adding below line
RewriteBase /subfolderdirectoryname
As well as you can see reference link which will help you to understand better.
New rewrite rules in subdirectory with htaccess
Related
Does anyone know how to password protect a directory in a Wordpress plugin folder WITHOUT .htaccess?
Apparently WPEngine no longer lets you put htaccess files in the directory - it's been depreciated for some reason.
This would seem to be a loaded question... just because you can't use .htaccess in the directory you want to protect, doesn't necessarily mean you can't use the main .htaccess file in the root.
On Apache 2.4 you can use an Apache <If> expression to limit the HTTP Authentication directives to just that directory.
For example:
<If "%{REQUEST_URI} =~ m#^/wp-content/plugins/#">
AuthType Basic
AuthName "Private Area"
AuthUserFile "/private/path/outside/document-root/.htpasswd-wp-content-plugins"
Require valid-user
</If>
Here is my folder directory
wordpress
project
html
index.html (html page)
wp-admin
wp-content
wp-includes
etc...
What I want if someone want to access the main directory folder i.e. project folder for example ( domain.com/project ) it redirect to wordress 404.php .htaccess
To ensure the server finds your 404 page, add the following line to your .htaccess file:
Deny from all
ErrorDocument 404 /page-404.html
Check the docs on Codex: Creating an Error 404 Page
Maybe help plugin:
http://wordpress.org/extend/plugins/private-files/
You need to create an .htaccess file in the directory you want to restrict. Then you will deny access to your directory and redirect redirect all "403 forbidden" request to a 404 page adding this lines to the .htaccess file:
Deny from all
ErrorDocument 403 /404
This are the only lines you need to include in this file.
Whenever I try to protect wp-admin directory using a password, .htaccess file is created inside wp-admin folder. But when I navigate to the wp-admin folder via browser it gives below error. Also i have noted when i rename or delete the htaccess file within wp-admin folder then browser is able to navigate to wp-admin folder.
What can i do to protect wp-admin folder and at the same time access the wp-admin folder via browser ?
http://abc.com/wp-admin/
htaccess within wp-admin folder looks like below
AuthName "Authorised Users"
AuthUserFile "/home/abc/.htpasswds/public_html/wp-admin/passwd"
AuthType Basic
require valid-user
you can write following code into htaccess
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/pathto_htpasswd/.htpasswd
AuthGroupFile /dev/null
require valid-user
and below into htpasswd
username:encrypted_password
OR you can use plugin
I had similar issues when adding password protection to the wp-admin directory. In addition to the code that you already added, try adding the following 2 lines to the top of your .htaccess file:
ErrorDocument 401 "Access Denied"
ErrorDocument 403 "Access Denied"
Note that while you might have protected your wp-admin directory, you have not protected your wp-login.php file, you you are still vulnerable to a brute force attack. So you will also want to edit the .htaccess file at the root of your site and enclose the same code within FilesMatch tags. So it would look something like this:
<FilesMatch "wp-login.php">
ErrorDocument 401 "Access Denied"
ErrorDocument 403 "Access Denied"
AuthName "Authorised Users"
AuthUserFile "/home/abc/.htpasswds/public_html/wp-admin/passwd"
AuthType Basic
require valid-user
</FilesMatch>
How can I password protect development Wordpress site complete from search engines and humans using htaccess.
Also can you specify in which folder I need to keep .htaccess file in wordpress to complete block it.
I tried it with following htacess file but after logging in only homepage showsup and other pages don't work.
SetEnvIf Host dev.test.com passreq
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/user/dev.test.com/wp-content/themes/theme_name/.htpasswd
Require valid-user
Order allow,deny
allow from all
Deny from env=passreq
Satisfy any
What am I doing wrong? Currently I am keeping .htaccess file in *wp-content/theme/theme_name/.htaccess*
You should put your file in your Webroot to completely password protect it. Putting it under *wp-content/theme/theme_name will only protected files served from this directory
I have wordpress installed in the root of my website public_html
Although I have other folder inside a projects folder running their own websites.
The .htaccess in the wordpress folder (parent-most folder) might be causing issues for the inside folders.
Is there a way, I can mention for a folder not to look any higher for htaccess files ?
DETAIL:
The two main issues I am currently having our
- if I set the status code to 500, I am get redirected to my home page (index.php)
- if a page is not found, it gets redirected to index.php
Thanks.
Put this code in your .htaccess under DOCUMENT_ROOT directory (just above your wordpress rewrite stuff):
RewriteRule ^subfolder(/.*|)$ - [L]