Title: htaccess & Apache Auth
Last modified: August 19, 2016

---

# htaccess & Apache Auth

 *  [gcaprio](https://wordpress.org/support/users/gcaprio/)
 * (@gcaprio)
 * [16 years, 1 month ago](https://wordpress.org/support/topic/htaccess-amp-apache-auth/)
 * Hi,
 * I’m trying to secure my wordpress installation using an .htaccess file. However,
   I have custom permalink settings, which adds this to my root .htaccess file:
 * # BEGIN WordPress
    <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond%{
   REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.
   php [L] </IfModule>
 * # END WordPress
 * As soon as I add anything surrounding the wp-login.php file:
 * <Files wp-login.php>
    AuthType Digest AuthName “blah” AuthUserFile /home/blah/.
   htpasswd Require valid-user </Files>
 * I get 404 errors. If I remove the first section, the password protection works,
   but none of my permalinks work. If I remove the second section, permalinks work,
   but not security.
 * I can’t really see what I’m doing wrong here. Anyone have any idea?
 * Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [Reaper-X](https://wordpress.org/support/users/reaper-x/)
 * (@reaper-x)
 * [16 years, 1 month ago](https://wordpress.org/support/topic/htaccess-amp-apache-auth/#post-1493057)
 * I have no problem simulating your auth digest (in other words, it works fine 
   even with custom permalink) by placing:
 *     ```
       <Files wp-login.php>
       AuthType Digest
       AuthName "blah"
       AuthUserFile /home/blah/.htpasswd
       Require valid-user
       </Files>
       ```
   
 * inside the wordpress rewrite rule or outside wordpress rewrite rule (located 
   before wp rewrite rule or after wp rewrite rule)
 *  Thread Starter [gcaprio](https://wordpress.org/support/users/gcaprio/)
 * (@gcaprio)
 * [16 years, 1 month ago](https://wordpress.org/support/topic/htaccess-amp-apache-auth/#post-1493108)
 * Incredibly bizzare. This is literally the entire contents of my .htaccess:
 * <Files wp-login.php>
    AuthType Digest AuthName “blah” AuthUserFile /home/blah/.
   htpasswd Require valid-user </Files>
 * # BEGIN WordPress
 * <IfModule mod_rewrite.c>
    RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME}!-
   f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule
   > # END WordPress
 * No matter how I flop them around, or if I place the wp-login rule inside the 
   rewrite rule, I still get a 404. Going to keep trying i guess.
 *  Thread Starter [gcaprio](https://wordpress.org/support/users/gcaprio/)
 * (@gcaprio)
 * [16 years, 1 month ago](https://wordpress.org/support/topic/htaccess-amp-apache-auth/#post-1493110)
 * OK, small update. Looks like if I use this:
 * <Files wp-login.php>
    Order Deny,Allow Deny from All Allow from <my ip> </Files
   >
 * Things work. So it looks like something is up with my server and the Digest Auth.
   Thanks for all your help.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘htaccess & Apache Auth’ is closed to new replies.

## Tags

 * [htaccess](https://wordpress.org/support/topic-tag/htaccess/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 2 participants
 * Last reply from: [gcaprio](https://wordpress.org/support/users/gcaprio/)
 * Last activity: [16 years, 1 month ago](https://wordpress.org/support/topic/htaccess-amp-apache-auth/#post-1493110)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics