05/27/2007

WordPress admin password protection 404

Yes, WordPress admin password protection 404 — how's that for a string of words! Anyway, I always password-protect (via .htaccess) my WordPress admin directory, as I figure it may be relatively easy to get past the WordPress login. However, in moving the blogs from our old VPS to our new server, I suddenly got weird behavior:

  1. After logging in, instead of going to the WordPress admin area, I'd get a 404
  2. It didn't happen on the DianeV blog, which is also WordPress
  3. It didn't happen on other static HTML sites
  4. It was happening to sites where the blog was in the root, like developedtraffic.com
  5. Some other stuff that seemed weird

After hammering away at it for a bit, I turned to the good folks at LiquidWeb (hi Ben!), the home of our server. Ben finally concluded that it had something to do with the root directory .htaccess which gives us the nice word-based URLs — but, since this blog is coming up on three years old, this wouldn't be the time to change all the URLs.

However, that clue in hand, I did find a solution at the DreamHost wiki. It turns out that only points #1, #2 and #4 above are pertinent. Essentially, WordPress' root .htaccess was so rewriting the URLs that one couldn't log in without getting bounced out of there unceremoniously. Luckily (because I would still be working on it), DreamHost posted some code to solve the problems their own customers using WordPress (and other blogging software) were encountering (not being able to log into their stats directories). So, with a slight rewrite, here's my root .htaccess, or at least the pertinent part of it:

WordPress admin password protection 404 — (Edited)

[Note: I'm leaving this for history, but read to the bottom; there may be a better solution]

# To bypass WP mod_rewrite & get into wp-admin
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/wp/wp-admin/(.*)$ [NC]
RewriteRule ^.*$ – [L]
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Ben also solved the mystery of why, when people post comments here and opt to receive email notifications of newer comments, the emails suddenly started bouncing back at me in a flood. Well ::cough:: never mind that. It's fixed. <grin>

Oops: had to edit the file, as when I returned this morning, I was getting the 404 again. Found the solution in the WordPress forums. Anyway, thanks to all who made this possible.

But wait … not so fast!

For some reason, the above .htaccess solution is strangely temporary with my WordPress blogs (the ones with WP installed in root) — that is, it works, but once I reboot, I get the same 404 problem. However, I've found found a solution at ju-ju.com's WordPress 2, .htaccess Protected Directory, and 404 Error. While the author has pointed to a solution in a comment, his own solution (editing index.php) has, for me, survived a reboot/cache dump. So far, so good. I hope this is not an ongoing problem.

Ah, try this one!

ADDED: Thanks to Teli's comment below, I've implemented the TPX solution (from TextPattern), and all is solved. I created a myerror.html page and, in the .htaccess, removed the above "fix" (and the fix in the index.php) and added the following:

ErrorDocument 401 /misc/myerror.html
ErrorDocument 403 /misc/myerror.html

I ALSO REBOOTED MY COMPUTER, which was causing my first fix above to stop working, and this one not to work at all until reboot. Hats off to TextPattern.

53 Comments to "WordPress admin password protection 404"

  1. Teli says:

    This problem exists with any password protected directory that resides alongside WordPress, not just the admin folder. Thanks for pointing out the solution, Diane. It will surely come in handy. :)

    ~ Teli

  2. Diane Vigil says:

    I hope it works, Teli, because I've had some problems with it.

    Strangely, I didn't have this problem on our old servers. And I don't have it if the blog is in a subdirectory, like site.com/blog — whether or not WP is in the /blog directory or /blog/wordpress.

    Strange.

    Oh. I just realized what you're saying, Teli … that if WP is in root but there are other password-protected directories that may have nothing to do with WordPress, then there is an issue. Not good.

  3. Teli says:

    Yep. Exactly.

    For instance, WP is installed in root and you have another folder, also installed in root, called 'private' (as a random example) which is password protected, WP will throw up the 404 error whenever your try to access 'private' even though it exists.

    Certainly not good, but I'm testing out the solution you've pointed out. For now, the TXP solution seems to be working. (Adding two lines to the .htaccess file.)

    ~ Teli

  4. Diane Vigil says:

    I must have skipped something here. What's the TXP solution?

  5. Teli says:

    Oh, sorry.

    The TXP solution:

    Create two new documents for the 401 and 403 errors, then add those error directives to the .htaccess file.

    ~ Teli

  6. Solution for Password Protected Directories and WordPress - WordPress SEO and Blog Marketing says:

    […] Well, there’s a solution. Initially, I found one solution at DianeV’s Developed Traffic which lead me to Ju-Ju which eventually lead to the TextPattern FAQ. It seems that TXP users were experiencing the same problem as well, and it’s because of an improper error document directive. […]

  7. Diane Vigil says:

    Okay. I'll give that a try — and thanks!

  8. TechDuke says:

    Moving a blog to new server seems scary stuff to me, as you don't know what is going to happen. I've bookmarked this page, for future :-)

  9. Chris says:

    This seems to happen with any sub-directory in the root directory. For example, if you have WP 2.3.x installed in your root directory, a folder for images is inaccessible.

    e.g.
    /images/file.jpg

    I haven't been able to adapt the above to fix it yet…any suggestions?

    Thanks!

  10. Hardening Your Wordpress Blog says:

    […] I did come across one problem when using the .htaccess file to secure the wp-admin folder.  It would show the WordPress 404 error.  A bit of searching brought up an article that linked to another.  Basically I had to add two ErrorDocument directives. […]

  11. Diane Vigil says:

    Hi, Chris. I take it (from your trackback?) that you solved the /images folder problem by adding the *two* error directives?

  12. wtf says:

    This has been driving me nuts for the last hour. I did the 401 403 htaccess solution that you found and it works fine now. That's some crazy work around.

  13. Diane Vigil says:

    Excellent. Glad it works — and in a way that you can still protect your admin folder. And I agree that it's an odd workaround — but what the heck. :)

  14. Stephen Cronin says:

    Diane,

    Thanks for this – solved my problem. I'd been trying to use the AskApache plugin to lock the wp-admin folder and ran into this problem. All sorted now! Thanks so much!

  15. Diane Vigil says:

    You're welcome, Stephen. I'd had the same problem, and sorting it out took a while, so I hoped my posting the solutions here would help others. Glad it helped.

  16. Darko Bunic says:

    Thank You, that was exactly happened at my site http://www.redips.net After putting these two lines about new description of 401 and 403 "Page not found" was gone. I thought that was something wrong with cpanel or strange Apache configuration – anyway you saved me – thanks!

  17. Diane Vigil says:

    Excellent! Glad it helped.

  18. mike says:

    i did this and it didnt work. just added the lines in the .htaccess and put the file in a wp folder. I cant access any non-wp folders or files….just get a 404. WP is on the site root and I have a script file I need to run on the site…..any help appreciated.

  19. Diane Vigil says:

    Hi Mike. I'm not sure what you mean about a "script file I need to run on the site" … what does it do?

    At any rate, you'll note from what I wrote above that, even though this blog is in the root directory, I locate the WordPress files in a /wp directory (I don't like "messy" servers). So you'd likely have to remove the "/wp".

    Hope that helps.

  20. mike says:

    Hi Diane,

    The script just runs a link management app. but its irrelevant because I get a 404 if I try to access a test.html file that I create and place in a subdirectory on the site.

    Basically WP sends a 404 for any new non-WP file I create. I need to access some non-WP pages on the site from links within the blog.

  21. Diane Vigil says:

    Hi Mike. Understood. I also have non-WP pages on this site, and have no problems.

    What I'd suggest is to make sure that the above mod_rewrite is correct for your site. For instance, this may be incorrect (because, on this site, the WP files are in the /wp directory):

    /wp/wp-admin/

    Perhaps /wp-admin/ would work for you?

  22. sajan says:

    To
    sir i want tosolution for administrator password for windows xp professional Thanks

  23. Diane Vigil says:

    Hello, Sajan. I'm not sure what you're asking … but this article is about the administration area of WordPress. I'm not sure what your question is regarding Windows XP.

  24. Abigail says:

    I also have the same problem when I installed Askapache plugin…..and it\'s still not solved yet!! I\'m locked out from my own site!!!!

    I don\'t know how to fix it….SOO SADDD!!!!!

    I wish there is someone help me

  25. Diane Vigil says:

    Wow, Abigail. Did you try the above suggestions? These have worked on a number of blogs.

    I would suggest FTPing into your blog and deleting the Askapache plugin. However (since I haven't used Askapache), you'll have to first check to see whether it created an .htaccess file (or amended an existing one), as deleting it may not remove the amendments.

    I'd check at wherever you got the Askapache plugin to see what issues might ensue.

  26. Abigail says:

    I have done all solutions you suggested…and it\'s still didn\'t work…

    OMG!!! So frustrated Diane….

    and the bad news is I forgot my ASKAPACHE\'s password

    great!

  27. Diane Vigil says:

    Okay. Well, "It still didn't work" is not much of a description. If you can specify what happened, perhaps I can help.

  28. Abigail says:

    every time I try to insert password for wp-admin, it always direct me to 404 error page.

    These are the
    solutions that I've done:
    1. Deleting the Apache plugin -but soon I realized it didn't help me much

    2. Upload my database backup through my cpanel – still didn't work

    3. Contacted my local hosting to find what is the problem, and they seems to delete Apache protection password

    4. Added TPX solution to my .htaccess

    5. Follow Ju-ju's instruction

    and, well…it's still didn't work. maybe you wanna contact me on my yahoo mail personally?

    I have done all things and still there is 404 error page whenever I click my site admin

    Help Diane

  29. Diane Vigil says:

    Okay. Again, "didn't help me much" doesn't tell us anything. And I don't know what you did before you starting having a problem … apparently having a problem reaching your admin panel?

    As to your steps, I doubt if inability to access your control panel means your database has been deleted.

    As to #4 and #5, I don't know what TPX is.

    If you want me to try to help, tell me (a) what the problem is, and (b) what you did before you started having that problem. Otherwise, I'm guessing.

  30. Abigail says:

    a) my problem : I can't log in to admin (dashboard), it directs me to 404 error page

    b)I activated ASKAPACHE plugin. I activated admin and login protection. and suddenly just got these problems…404 error page. and soon, I deleted APACHE plugin via FTP, and still there is 404 error page whenever I try to enter dashboard area.

  31. Diane Vigil says:

    Okay. What I'd do at this point would be:

    (1) Look in your admin folder (directory) to see if there's an .htaccess in it. If there is, rename it and try to log in.

    (2) If that doesn't work, temporarily rename any .htaccess file in your blog's root directory. Then see if you can log in.

    (3) If that doesn't work, since it's a little more complicated than just deleting the plugin, I'd ask the Askapache people what to do.

    Note: if you're using what WordPress used to call "pretty URLs" (word-based URLs rather than dynamic URLs), you'll still need the root .htaccess file, so don't delete it without backing it up first. (And, if #1 or #2 above enable you to log in AND you also need the root .htaccess, then you'll have to edit it, which you can't do if you've deleted it!)

    Well, there it is. I hope this helps.

  32. Abigail says:

    HI, Diane…it\'s a very nice of you…thank you…

    but it still didn\'t work…I\'ve tried your suggestion above.

    that number 3rd you mean is I shouldn\'t deleted my plugin? If I have deleted already, is that mean I\'m gonna lose my blog?

  33. Diane Vigil says:

    Abigail, what I said is that I think you should probably talk to the people who made the plugin … because just deleting the plugin didn't fix your problem. I could speculate endlessly, but I don't know anything about that plugin.

    If you are worried about losing your blog, just back it up:

    (1) Get an FTP program and download your WordPress files.
    (2) Make a backup of your WordPress database. If you don't know how, ask your web host to help you.

    Then go talk to the people who made the plugin, since they'll know what's going on with it.

  34. Abigail says:

    yes, Diane, I've ask help to ASKAPCHE…but it seems they took long time to reply me.

    But, I'm totally grateful for your concern….

    I'm waiting for your replies…if you might find a way to these things.

    thanks Diane

  35. Diane Vigil says:

    Hi, Abigail. Unfortunately, since I don't know anything about the Askapache plugin, we've exhausted my suggestions. You need to get someone who can help you directly, not just by typing on a blog.

    Also, you can try the WordPress forums. Here's a search for Askapache … which seems to have some issues. Perhaps that can help.

    P.S. Back up your WP files and database!

  36. Abigail says:

    yeah I guess…

    I really need a professional help I think… thanks Diane

  37. Diane Vigil says:

    You're very welcome — and good luck!

  38. Abigail says:

    :)

    btw, I've bookmark your site

  39. Diane Vigil says:

    Aw, thanks. Appreciated.

  40. Abigail says:

    hi Diane,
    just drop by to say my site is normal again….

    a nice friend of mine made it happened…
    and thank you so much for your concern all these times :)

    Abigail

  41. Diane Vigil says:

    Excellent! Glad to hear you got it worked out. (And you're welcome.)

  42. Bradley says:

    How did they "make it happen" Abigail?

    I have 2 word press installs on the same server. One is a public blog in the root. The ohter is a password protected blog for our reps.

    After we password protected the sub directory we started having the above issue. I found this solution and it worked great. However, our site was moved to a new server. Aledgidly the server is identical to the original. Although I have the same htaccess file in my root with:

    ErrorDocument 401 /misc/myerror.html
    ErrorDocument 403 /misc/myerror.html

    I am still reveiving an error after logging into the sub directory.

    The root instalation is fine, nothing wrong. The sub directory blog also runs just fine, until you apply the password protection. Thats when you recieve an error 404.

    We are using CPanel if that is helpful. Seems quite odd that the solution was working then after the move it doesn't. Do you have any thoughts?

  43. Abigail says:

    I'm so sorry Bradley, but I don't really know how my friend fixed this…he's the one that fix my problems…

    One thing that I know, maybe you should delete all .htaccess in your subdirectory, root, etc…wherever you find it.

    I'm sorry, but I'll ask my friend how he can fix it? so I can tell you how to fix it :)

  44. Bradley says:

    Found the resolution, wasn't with wordpress or htaccess files. it was an error in the psswrd files. Server admin corrected.

  45. Diane Vigil says:

    Ah, excellent. Glad you were able to get it corrected.

  46. Tino says:

    Thanks for this, helped me out worked great!!

  47. Diane Vigil says:

    I'm glad it helped, Tino.

  48. Ste says:

    Didnt just help you mr tino, I have been looking for a solution like this for a while. Although wordpress is a great package there always seems to be little things that cause major headaches.
    Thanx for this info anyway!

    Ste

  49. Nimit kashyap says:

    This is the most useful information i got about wordpress
    security

  50. Diane Vigil says:

    Thanks, Nimit. Glad it was of use to you. I like your site, too.

  51. Galeri says:

    ?s there another simple way for doing password protection ?
    Cos i use a spesific .htaccess code ?

  52. Diane Vigil says:

    Galeri, I'm not sure I understand what you're asking. On Unix/Linux servers, password protection is usually done with .htaccess files, and you can have more than one entry in an .htaccess file.

  53. Nim says:

    I was running into this problem when installing AskApache Password Protect. Looks like that short workaround fixed the problem. THANKS!

Have your say ...

First-time comments will be held for moderation (but comments are appreciated). Otherwise, just be courteous. If your name is a bunch of keywords, your comment will be deleted. Don't post links unless highly pertinent. Posters must be 16 or older.

Manage your subscriptions

Archives
© 2004-2017 DianeV Web Design Studio. All Rights Reserved.
34 queries. 0.230 seconds.