Protect single WordPress posts with .htacces and .htpasswd

FollaKY
June 13, 2022
122 views
0 votes
2 Answers

I’m lost and might need some guidance. Spent the last two days searching for a working solution, found plenty of posts, many of them pretty old, but nothing that would help.

For a client I’m running a WordPress site that has two functions: be an info portal and booking system AND display some info on 3 Android LCD screens running a Kiosk software.

The screens display 3 unique pages… Actually WordPress permalinks, that might be the source of the issue.

The code below is as close to working as I get it, in the sense that it prompts for user and password and also grants access when I’m proving the correct credentials.

# Infoscreen Protection
<FilesMatch "^(infoscreen-)[a-zA-Z]*$">
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /home/hostfolder/hostname/.htpasswd
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
</FilesMatch>

But it displays the page when I click on cancel, which is not ideal. I looked at this thread but couldn’t get a working code out of it:

htpasswd is bypassing when click cancel

cPanel log says:

AH01797: client denied by server configuration: /home/hostfolder/hostname/infoscreen-a

so the protection (and my regex) seems to work.

I found a post here (sorry, can’t find it having too many stackoverflow pages in my history) that suggested to edit one line in the WordPress section of the .htaccess file to
RewriteRule ./ /index.php [L] instead of RewriteRule /index.php [L] but that didn’t seem to do anything except throwing error within other parts of the page like the booking system (I’m assuming as things are not where they’re expected to be…). Also, although I’m prompted, credentials do not work and I’m prompted again…

Tried to wrap my FilesMatch inside of a <IfModule mod_authz_core.c> statement, but that only disabled the prompt.

Any suggestions on how to make this code work, I start not seeing the forest for the trees…

P.S. The path to the AuthUserFile is correct. Also, the page is a subdomain of my main site and is not inside the public_html folder.

Answers

Chosen as BEST ANSWER
- FollaKY
- June 14, 2022 at 4:22 pm
- 0 votes
0
I'm answering my question, but credit goes to CBroe who was suggesting that the solution was related to ErrorDocuments (Error Pages for those who, like me, have a hosting using cPanel).

After creating blank (in cPanel simply Edit and Save, no modifications needed) Error Pages for both 401 and 403 responses, the basic HTTP Authentication method started working.

Again, a big thank you to Cbroe for pointing me in the right direction! For an explanation as to why this is happening, see this link on WordPress.org

(Edit)

- Curky
- June 13, 2022 at 12:06 pm
- 0 votes
0
Hi not sure on the code above, but did you think about using the native WordPress password protect feature for posts? Could that solve your issue?

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.