[wp-trac] [WordPress Trac] #42120: htpasswd protection not working due to .htaccess rewrite rules

WordPress Trac noreply at wordpress.org
Fri Oct 6 09:44:26 UTC 2017 

#42120: htpasswd protection not working due to .htaccess rewrite rules
--------------------------------+-----------------------------
 Reporter:  subscriptiongroup   |      Owner:
     Type:  defect (bug)        |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  Networks and Sites  |    Version:  4.8.2
 Severity:  normal              |   Keywords:
  Focuses:                      |
--------------------------------+-----------------------------
 Came across a strange bug whilst trying to password protect our staging
 sites.

 This seems to be a known issue as a solution is already suggested online,
 however unless you know where to look, the first point of call would be to
 check with the server configuration/Apache/WHM.

 Considering this is a small and easy fix that shouldn't break other
 features, it would be great to include to core.

 '''The setup'''
 * WHM 66.0.24 CentOS 7.4
 * Apache
 * Latest WP installed at /public_html

 '''Steps to reproduce'''
 1. Enable permalinks
 2. Go to cPanel and enable "Directory Privacy" on the public_html folder
 OR
 3. Update .htaccess to append AND
 {{{
 AuthType Basic
 AuthName "Test"
 AuthUserFile "/home/username/.htpasswds/public_html/passwd"
 require valid-user
 }}}
 4. Create the passwd file on the directory shown above
 5. Go to your staging site such as staging.website.com and confirm the
 login prompt is showing
 6. Don't enter any details, but click cancel multiple times
 7. Notice how the page content is now showing.
 8. Try ctrl+u to see the source of the page and notice how the whole HTML
 is there.

 '''The solution'''
 1. Edit the .htaccess file in your WordPress home folder
 2. Find the line RewriteRule . /index.php [L]
 3. Replace with RewriteRule ./ /index.php [L]

 '''The sources of this fix'''
 Kudos to WHM Support who directed me to the solution and HostGator for
 actually publishing it
 http://support.hostgator.com/articles/wordpress-preventing-you-from-
 password-protecting-a-directory

--
Ticket URL: <https://core.trac.wordpress.org/ticket/42120>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list