WordPress and Password Protected Directories

I think I just solved an issue with WordPress Permalinks and password protected directories that use Apache’s .htaccess. Here’s the problem in detail. I have WordPress installed on the root of my domain. Under that domain, I have a directory that I want password protected using .htaccess. It’s just a directory containing a few PHP scripts. Every time I try to access the password protected directory, I get a 404 page missing error. WordPress is confused thinking the directory is a post or a page. Since it’s not, it generates a 404 error instead.

The workaround for this is to place a couple of error codes at the top of the .htaccess to pre-empt the WordPress .htaccess rules. There are a couple of scenarios. If there is 401 situation, an authentication in this case, it will send the user to the error document which is just a blank html file. The WordPress permalinks rule never gets processed or is ignored. If there is a 403 error code, a forbidden situation in this case, it will send the user to that error document as well.

Here is the working .htaccess file. You will see the two error code rules at the top of the file. Underneath, you will see the standard WordPress permalinks rules.

ErrorDocument 401 ./blank.html
ErrorDocument 403 ./blank.html
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Simple fix. Thanks to aiso.net.