WordPress 2, .htaccess Protected Directory, and 404 Error

作者: , 2006/03/17 17:01 EDT

Note: I found an even better solution. Please see my comment below.

Ever since upgrading this blog from WordPress 1.5 to 2.0, files inside a password protected directory no longer works. Any attempt to load file in the directory will be redirected to WordPress and get a 404 error. After some research and debugging, I find the rewrite section WordPress put in my main .htaccess file is causing the problem. The rules reads like this:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

What it does is check to see if the requested filename is a regular file or a real directory. If it’s neither of the two then redirect to /index.php, which is WordPress entry.

Supposedly, any existing directory or file in it will fail the test. So Apache will load the file/directory instead of WordPress index.php. However, the fact that the requested directory is password protected with its own per-directory .htaccess file seems to cause Apache to think it’s not really a directory/file, thus satisfying the 2 tests and invoke WordPress index.php.

I tried to change my main .htaccess file to fix that. But couldn’t. And I am not alone. I find many people with similar problem in WordPress support forum. For example: WP 2.0 – htaccess overly aggressive? 404’s galore

Now I finally deviced a fix to it and it’s to change the index.php file WordPress is using. Since my WordPress install is inside a subdirectory in my web root, I have a copy of the index.php in my root directory while loads WordPress files from the subdirectory. So changing it is fine for updating WordPress won’t overwrite it.

Here’s the fix:
/* Short and sweet */
$request_filename = $_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'];
$this_dir = dirname(__FILE__).'/';
if($request_filename!=$this_dir && $request_filename!=__FILE__ && (is_file($request_filename) || is_dir($request_filename))) {
  // we are not supposed be here!
// load WordPress in /wp
define('WP_USE_THEMES', true);

What it does is first make sure the request is not for the home directory or index.php itself. We want WordPress to handle these, right?

Then it tests if the request is a regular file or a real directory. And die if that’s the case. Basically we are doing what the two RewriteCond lines in .htaccess supposed to do. Magically, this works!

Now, my password protected directory correctly asks for password instead of showing WordPress 404 error page. All WordPress permalinks work. All non-protected directories work. Direct URLs to my Gallery2 work. It all works. That’s a rare thing to say about anything I did. Really! Just ask my wife about the house… Err, wait. No, don’t do that.

I don’t know if this would work with other setup, like WordPress is installed right in the web root. But I guess it should. So if you have the same problem, give it a try and let me know if it helps. Good luck.

「WordPress 2, .htaccess Protected Directory, and 404 Error」有 34 個回應

  1. 朱朱表示:

    Found a even better solution at Textpattern:


    Basically, the problems is partly caused by incomplete error document set up. Specifying error documents in .htaccess file fixed my problem. But the hack in the original post might still be of use in other situations.

    So scrap the above exercise. Or just pick your poison.

  2. Billy表示:

    Thank you!!! I’ve spent hours trying to figure out what was wrong!

  3. 朱朱表示:

    No problem. Glad to be of help.

  4. Patricia表示:

    Thank you!!!! I was having the exact same problem with one of my blogs and your solution worked right away. Much obliged!

  5. Nathan Logan表示:

    Hey, just wanted to say thanks for this solution. Even though I’m using Textpattern, the linked solution didn’t work out for me. So after battling with (and losing to) .htaccess, I implemented something like you have here.

    Thanks for the pointer!

  6. 朱朱表示:

    Nathan. You are welcome and glad that it works for you. Have fun!

  7. jayne d'Arcy表示:

    I was losing my hair over this maddening problem. I tried something similar to the textbook solution, but that didn’t work for me. My blog is in the root, so if that has something to do with it… I don’t know. I’m far from any sort of expert. However, I implemented your index.php modification just a few minutes ago and now my test subdirectory password protect is working. It also looks like the blog is continuing to work fine, with the pretty permalinks. I’ll give it a few more days and come back if anything goes wonky. Thanks, though, for this fix.

  8. 朱朱表示:

    Jayne. I am glad the tricks work for you.

    PS. I thought your comment was a spam at first when I read something about hair loss. 🙂

  9. […] a solution. Initially, I found one solution at DianeV’s Developed Traffic which lead me to Ju-Ju which eventually lead to the TextPattern FAQ. It seems that TXP users were experiencing the same […]

  10. Dave表示:

    Hrmm…I’ve tried doing the index.php mod that you suggested and it breaks my WP index.php. All other sections of WP work fine, but index.php loads empty. If I do this, my protected directory then works properly (but, I’m more concerned with the index.php loading than I am a protected directory – obviously!).

    I’m at a loss…if I switch back (which I have done), I regain functionality of WP, but I lose pw-protected doc to the 404 error.


  11. 朱朱表示:

    Dave. Have you tried the HTML error document fix in the first comment?

  12. Dave表示:

    I tried a bunch of variations…I was so close, but forgot to fix my error paths back so it was not reading properly. Just got it fixed now – many thanks!

  13. Chester表示:

    With WP installed in my root, I could not get the simple Error redirect fix to work. I had to use your index.php fix for this to be resolved properly.

  14. 朱朱表示:

    That’s cool. I knew my ugly hack has to be useful somehow. 🙂

  15. ismael表示:

    great! works perfect!!

    many thanks!


  16. 朱朱表示:

    Hi ismael. Glad that it works for you.

  17. Henriemedia.com表示:

    Thank you for the PHP code! I could’t get the .htaccess changes to work, but your code works like a dream for my WordPress nightmare!!! Thank you!!!

  18. MBC表示:

    Thanks for the solution, you saved me from going crazy and closing down the blog 😛

  19. 朱朱表示:

    You are welcome. Glad to be of help.

  20. Mário Gamito表示:


    I’ve tried your code very carefully, but I ended up with the same problem as Dave: the directory gets protected alright, but the blog only displays a blank page.

    I’m using WP 2.5.2

    Do you know what might be causing that ?

    Any help would be appreciated.

    Warm Regards,
    Mário Gamito

  21. Mário Gamito表示:

    Sorry, it’s 2.6.2 I’m using.

  22. 朱朱表示:

    Did you try the Textpattern fix mentioned in the 1st comment? If that doesn’t work and you are using my PHP code, is there a error_log file in your WordPress directory?

  23. 朱朱表示:

    Ya. That’s what I am talking about. The nasty curly quotes. Just edited my post by replacing the single quotes with its HTML entity. Now the code should copy and paste correctly.

    Sorry for the mess-up.

  24. brasilblogger表示:

    The Textpattern Mod does not work, but your index.php hack works fine on Hostgator with WP2.6.3 … Thanks for this solution! Greetz from Brazil, brasilblogger

  25. 朱朱表示:

    You are welcome, brasilblogger. Glad it works for you.

    Hm… I just find out WordPress replaces all the quotation marks in the code section with the smart/curly quotes. Bad! On to finding out how to fix it…


Panorama Theme by Themocracy