Password Protect Directory in WordPress with .htaccess file

I was having a difficult time finding information on how to password protect a directory in WordPress without it throwing a 404 not found error. After lots of searching and multiple examples across lots of other sites, here’s the short and sweet version, all in one place.

Step 1:

Create a file called 401.html and add the following to it:

AUTHENTICATION REQUIRED
You need a username and password to access this area.

Upload the file to the root directory of your WP install.

Step 2:

Add the following to an .htaccess file and upload it to the directory you want to protect:

ErrorDocument 401 /401.html
AuthName "Secure Area"
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/directory/.htpasswd
Require valid-user

Step 3:

Add the following to an .htpasswd file and upload it to the directory you want to protect:

user:password

You can add multiple usernames and passwords to this file. Add each to its own line. Also, the password must be encrypted, which you can do here: http://www.kxs.net/support/htaccess_pw.html


Notes:

  • If you don’t add the 401.html file in Step 1, WordPress will throw a 404 not found error when you try to navigate to the protected directory.
  • You can put the 401.html file in a folder of its own if you like, just be sure to change the location in the .htaccess file.
  • Make sure to put the full server path for the AuthUserFile. Many look similar to home/user/public_html/website/directory/.htpasswd Your webhost can help you with this. Or you can do this trick to find the full path to a file using PHP.