May 27, 2007

WordPress admin password protection 404

Yes, WordPress admin password protection 404 — how's that for a string of words! Anyway, I always password-protect (via .htaccess) my WordPress admin directory, as I figure it may be relatively easy to get past the WordPress login. However, in moving the blogs from our old VPS to our new server, I suddenly got weird behavior:

  1. After logging in, instead of going to the WordPress admin area, I'd get a 404
  2. It didn't happen on the DianeV blog, which is also WordPress
  3. It didn't happen on other static HTML sites
  4. It was happening to sites where the blog was in the root, like developedtraffic.com
  5. Some other stuff that seemed weird

After hammering away at it for a bit, I turned to the good folks at LiquidWeb (hi Ben!), the home of our server. Ben finally concluded that it had something to do with the root directory .htaccess which gives us the nice word-based URLs — but, since this blog is coming up on three years old, this wouldn't be the time to change all the URLs.

However, that clue in hand, I did find a solution at the DreamHost wiki. It turns out that only points #1, #2 and #4 above are pertinent. Essentially, WordPress' root .htaccess was so rewriting the URLs that one couldn't log in without getting bounced out of there unceremoniously. Luckily (because I would still be working on it), DreamHost posted some code to solve the problems their own customers using WordPress (and other blogging software) were encountering (not being able to log into their stats directories). So, with a slight rewrite, here's my root .htaccess, or at least the pertinent part of it:

WordPress admin password protection 404 — (Edited)

[Note: I'm leaving this for history, but read to the bottom; there may be a better solution]

# To bypass WP mod_rewrite & get into wp-admin
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/wp/wp-admin/(.*)$ [NC]
RewriteRule ^.*$ - [L]
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Ben also solved the mystery of why, when people post comments here and opt to receive email notifications of newer comments, the emails suddenly started bouncing back at me in a flood. Well ::cough:: never mind that. It's fixed. <grin>

Oops: had to edit the file, as when I returned this morning, I was getting the 404 again. Found the solution in the WordPress forums. Anyway, thanks to all who made this possible.

But wait … not so fast!

For some reason, the above .htaccess solution is strangely temporary with my WordPress blogs (the ones with WP installed in root) — that is, it works, but once I reboot, I get the same 404 problem. However, I've found a solution at ju-ju.com's WordPress 2, .htaccess Protected Directory, and 404 Error. While the author has pointed to a solution in a comment, his own solution (editing index.php) has, for me, survived a reboot/cache dump. So far, so good. I hope this is not an ongoing problem.

Ah, try this one!

ADDED: Thanks to Teli's comment below, I've implemented the TPX solution (from TextPattern), and all is solved. I created a myerror.html page and, in the .htaccess, removed the above "fix" (and the fix in the index.php) and added the following:

ErrorDocument 401 /misc/myerror.html
ErrorDocument 403 /misc/myerror.html

I also rebooted, which was causing my first fix above to stop working; this one works fine. Hats off to TextPattern.

~ Diane Vigil
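
An added example, not part of the original post: a check to run after changing .htaccess that confirms the protected directory still issues the Basic-auth challenge, rather than returning the WordPress 404 or serving content with no credentials. The function names and the sample responses are constructed for illustration; `probe()` takes whatever URL you want to check on your own site.

```python
import urllib.error
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx responses as-is instead of following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def classify(status, headers):
    """Interpret an unauthenticated response for a Basic-auth protected path."""
    challenge = ""
    for name, value in headers.items():
        if name.lower() == "www-authenticate":
            challenge = value
    if status == 401 and challenge.lower().startswith("basic"):
        return "protected"          # Apache is issuing the Basic challenge
    if status == 401:
        return "401-without-basic-challenge"
    if status == 404:
        return "rewritten-to-404"   # the symptom described in this post
    if status in (200, 301, 302, 303, 307, 308):
        return "no-challenge"       # content or a redirect served without asking for credentials
    return "unexpected-%d" % status


def probe(url, timeout=10):
    """Send one GET with no credentials and classify the answer."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return classify(resp.status, resp.headers)
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers)


# Constructed sample responses (status, headers), not captured from any real site.
SAMPLES = {
    "fixed": (401, {"WWW-Authenticate": 'Basic realm="admin"'}),
    "broken": (404, {"Content-Type": "text/html; charset=UTF-8"}),
    "auth removed": (302, {"Location": "/wp-login.php"}),
}

if __name__ == "__main__":
    for label, (status, headers) in SAMPLES.items():
        print(label, "->", classify(status, headers))
```

A "no-challenge" result is the one to watch for after editing rewrite rules: the 404 is gone, but so is the password prompt.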

15 Comments to "WordPress admin password protection 404"

  1. Teli says:

    This problem exists with any password protected directory that resides alongside WordPress, not just the admin folder. Thanks for pointing out the solution, Diane. It will surely come in handy. :)

    ~ Teli

  2. Diane Vigil says:

    I hope it works, Teli, because I've had some problems with it.

    Strangely, I didn't have this problem on our old servers. And I don't have it if the blog is in a subdirectory, like site.com/blog — whether or not WP is in the /blog directory or /blog/wordpress.

    Strange.

    Oh. I just realized what you're saying, Teli … that if WP is in root but there are other password-protected directories that may have nothing to do with WordPress, then there is an issue. Not good.

  3. Teli says:

    Yep. Exactly.

    For instance, WP is installed in root and you have another folder, also installed in root, called 'private' (as a random example) which is password protected, WP will throw up the 404 error whenever you try to access 'private' even though it exists.

    Certainly not good, but I'm testing out the solution you've pointed out. For now, the TXP solution seems to be working. (Adding two lines to the .htaccess file.)

    ~ Teli

  4. Diane Vigil says:

    I must have skipped something here. What's the TXP solution?

  5. Teli says:

    Oh, sorry.

    The TXP solution:

    Create two new documents for the 401 and 403 errors, then add those error directives to the .htaccess file.

    ~ Teli

  6. Solution for Password Protected Directories and WordPress - WordPress SEO and Blog Marketing says:

    […] Well, there’s a solution. Initially, I found one solution at DianeV’s Developed Traffic which led me to Ju-Ju which eventually led to the TextPattern FAQ. It seems that TXP users were experiencing the same problem as well, and it’s because of an improper error document directive. […]

  7. Diane Vigil says:

    Okay. I'll give that a try — and thanks!

  8. TechDuke says:

    Moving a blog to new server seems scary stuff to me, as you don't know what is going to happen. I've bookmarked this page, for future :-)

  9. Chris says:

    This seems to happen with any sub-directory in the root directory. For example, if you have WP 2.3.x installed in your root directory, a folder for images is inaccessible.

    e.g.
    /images/file.jpg

    I haven't been able to adapt the above to fix it yet…any suggestions?

    Thanks!

  10. Hardening Your Wordpress Blog says:

    […] I did come across one problem when using the .htaccess file to secure the wp-admin folder.  It would show the Wordpress 404 error.  A bit of searching brought up an article that linked to another.  Basically I had to add two ErrorDocument directives. […]

  11. Diane Vigil says:

    Hi, Chris. I take it (from your trackback?) that you solved the /images folder problem by adding the *two* error directives?

  12. wtf says:

    This has been driving me nuts for the last hour. I did the 401 403 htaccess solution that you found and it works fine now. That's some crazy work around.

  13. Diane Vigil says:

    Excellent. Glad it works — and in a way that you can still protect your admin folder. And I agree that it's an odd workaround — but what the heck. :)

  14. Stephen Cronin says:

    Diane,

    Thanks for this - solved my problem. I'd been trying to use the AskApache plugin to lock the wp-admin folder and ran into this problem. All sorted now! Thanks so much!

  15. Diane Vigil says:

    You're welcome, Stephen. I'd had the same problem, and sorting it out took a while, so I hoped my posting the solutions here would help others. Glad it helped.

© 2004-2008 DianeV. Web Design Studio - Los Angeles. All Rights Reserved.