Opened 6 years ago
Last modified 4 years ago
#42120 new defect (bug)
htpasswd protection not working due to .htaccess rewrite rules
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 4.8.2 |
| Component: | Rewrite Rules | Keywords: | |
| Focuses: | Cc: |
Description
Came across a strange bug whilst trying to password protect our staging sites.
This seems to be a known issue as a solution is already suggested online, however unless you know where to look, the first point of call would be to check with the server configuration/Apache/WHM.
Considering this is a small and easy fix that shouldn't break other features, it would be great to include to core.
The setup
- WHM 66.0.24 CentOS 7.4
- Apache
- Latest WP installed at /public_html
Steps to reproduce
- Enable permalinks
- Go to cPanel and enable "Directory Privacy" on the public_html folder OR
- Update .htaccess to append AND
AuthType Basic AuthName "Test" AuthUserFile "/home/username/.htpasswds/public_html/passwd" require valid-user
- Create the passwd file on the directory shown above
- Go to your staging site such as staging.website.com and confirm the login prompt is showing
- Don't enter any details, but click cancel multiple times
- Notice how the page content is now showing.
- Try ctrl+u to see the source of the page and notice how the whole HTML is there.
The solution
- Edit the .htaccess file in your WordPress home folder
- Find the line RewriteRule . /index.php [L]
- Replace with RewriteRule ./ /index.php [L]
The sources of this fix
Kudos to WHM Support who directed me to the solution and HostGator for actually publishing it
http://support.hostgator.com/articles/wordpress-preventing-you-from-password-protecting-a-directory
Note: See
TracTickets for help on using
tickets.