« Domain Names | Main | 32 Search Engine Optimization Tips »
Fix for WordPress protected directory returning a 404 error
By Henrie Media Inc. | May 23, 2008
I just installed WordPress as my default Content Management System (CMS) on Henriemedia.com. WordPress is an awesome open-source web application the provides an easy to use - yet extremely robust - interface and set of tools. I highly recommend using it for your next blog or CMS needs (shameless plug).
Anyways, I installed WordPress in the root of my website and kept an administrative subdirectory from my previous website design, which is protected with a password using the “Protected Directory” function of Apache. For the sake of this article, we will say that subdirectory is called “travel” (there is no such directory on my website so please do not try and find it).
I then configured the WordPress settings for “Permalinks” to help with the Search Engine Optimization (SEO) value of my website. Everything was going along great. I started adding content and I was on my way - until I tried accessing the “travel” protected directory I setup. Every time I tried to access this folder I would get a 404 error. The reason the 404 error was displaying is because the .htaccess file, which was automatically created by the Permalinks settings, was causing the problem.
WordPress created .htaccess file looks like this -
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
What it does is check to see if the requested filename is a regular file or a real directory. If it’s neither of the two then redirect to /index.php, which is a WordPress entry. So Apache will load the file or directory instead of WordPress index.php. However, the fact that the requested directory is password protected with its own directory .htaccess file seems to cause Apache to think it’s not really a directory or file, thus satisfying the 2 tests and invoking WordPress’s index.php - and thus the 404 error.
After days (and I do mean days) of searching the forums on WordPress.org and many other forums, boards and blogs, I found two solutions to this problem.
Please use one OR the other, do not implement both!
First, the .htaccess solution. NOTE: If you are not comfortable editing the .htaccess file, please scroll down and use the PHP solution. You need to added the following two lines of code to your .htaccess file:
ErrorDocument 401 /[path_to_file]/[file_name].html
ErrorDocument 403 /[path_to_file]/[file_name].html
Remember to change the [path_to_file] and {file_name].html values to the location of your custom error documents. So your the root .htaccess file should now look like this -
ErrorDocument 401 /[path_to_file]/[file_name].html
ErrorDocument 403 /[path_to_file]/[file_name].html
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Upload the .htaccess file and you should be up and running. Now I have seen some instances where this solution does not work, for whatever reason, or people do not feel comfortable editing their .htaccess files. If this is the case, please use the PHP solution below.
Second, the PHP solution. You need to make the following changes to the “index.php” file that is in the root directory of your WordPress installation. When you open this file, it should have the following code -
<?php
/* Short and sweet */
define(’WP_USE_THEMES’, true);
require(’./wp-blog-header.php’);
?>
Make sure you keep a backup copy of the “index.php” file just in case (you never know)!
All you have to do is replace the original code with this code -
<?php
/* Short and sweet */
$request_filename = $_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'];
$this_dir = dirname(__FILE__).’/';
if($request_filename!=$this_dir && $request_filename!=__FILE__ && (is_file($request_filename) || is_dir($request_filename))) {
// we are not supposed be here!
die;
}
// load WordPress in /wp
define(’WP_USE_THEMES’, true);
require(’./wp-blog-header.php’);
?>
Now save the file and upload the new “index.php” file to the root folder of your WordPress installation directory and your done!
What the PHP solution does is it makes sure the request is not for the home directory or index.php itself - this is because you want WordPress to handle these.
Then it tests if the request is a regular file or a real directory - it dies if that’s the case. Basically you are doing what the two RewriteCond lines in .htaccess supposed to do.
Now your password protected directory correctly asks for password instead of showing WordPress’s 404 error page. All WordPress permalinks work. All non-protected directories work. My “travel” subdirectory is now usable again - YAHOO!
I must give credit where credit is due. I found the .htaccess solution on Textpattern.com and the PHP solution on ju-ju.com.
I hope one of these solutions work for you so you don’t have to waste as much time as I did!
As WordPress’s motto says “Code is Poetry”. Please leave a comment if you find this post to be helpful.
Print This Post
Topics: Technical Support, Web Applications |
August 16th, 2008 at 4:06 am
Your blog is interesting!
Keep up the good work!
September 1st, 2008 at 7:11 pm
If you copy and past the php code, make sure to convert all of the ’ to ‘ . Kyle, I think if you use the WP
tag in your post it will not convert these characters.September 2nd, 2008 at 9:13 am
Thanks Nick! I will do that.