Password Protect Directory in WordPress with .htaccess file

I was having a difficult time finding information on how to password protect a directory in WordPress without it throwing a 404 not found error. After lots of searching and multiple examples across lots of other sites, here’s the short and sweet version, all in one place.

Step 1:

Create a file called 401.html and add the following to it:

AUTHENTICATION REQUIRED
You need a username and password to access this area.

Upload the file to the root directory of your WP install.

Step 2:

Add the following to an .htaccess file and upload it to the directory you want to protect:

ErrorDocument 401 /401.html
AuthName "Secure Area"
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/directory/.htpasswd
Require valid-user

Step 3:

Add the following to an .htpasswd file and upload it to the directory you want to protect:

user:password

You can add multiple usernames and passwords to this file. Add each to its own line. Also, the password must be encrypted, which you can do here: http://www.kxs.net/support/htaccess_pw.html


Notes:

  • If you don’t add the 401.html file in Step 1, WordPress will throw a 404 not found error when you try to navigate to the protected directory.
  • You can put the 401.html file in a folder of its own if you like, just be sure to change the location in the .htaccess file.
  • Make sure to put the full server path for the AuthUserFile. Many look similar to home/user/public_html/website/directory/.htpasswd Your webhost can help you with this. Or you can do this trick to find the full path to a file using PHP.

4 thoughts on “Password Protect Directory in WordPress with .htaccess file

  1. About the step one, you can use the line: ErrorDocument 401 default

    If you dont want to create your own 401.html.

    That works for me.

    Thanks yuo very much.

  2. Thanks much! This solved my problem and was much better than the solution of modifying the site level .htaccess file and the default WP entries to allow passthrough of the URL’s with password protection. The default entries get overwritten periodically by WP anyway so customizations there are periodically lost.

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *