Categories
Thoughts Wordpress

WordPress 404 error when using .htaccess in wp-admin

One of the most useful articles on the WordPress Codex is the one entitled ‘Hardening WordPress‘, full of recommendations on how to beef up the security of your installation. One such is the tip to have a second layer of authentication on top of the WordPress login direction ‘wp-admin’ using .htaccess and BasicAuth.

What it fails to mention that doing this will cause /wp-admin to return a 404 error as soon as the .htaccess file is in place. In trying to work out why this is I read a variety of articles, all full of utterly useless advice (lots of guesses and no solutions), until I found this much more informed article, which properly explained the problem.

So while full credit goes to the author above, I am restating this information here because it took me a lot of links to find that one, and it never hurts to have another site featuring a proper fix.

Cause

This problem is caused by the Rewrite rules in the .htaccess of the WordPress root directory. The rewrite rules look for a valid WP directory or file and redirect to ‘index.php’ if these are not found. This creates a bit of a permissions conflict which results in a 404, because the webserver is looking for either a 401 Unauthorised page, or a 403 Access Forbidden page. If neither of these are specified in the root .htaccess file of the WordPress installation, a 404 not found page appears.

Solution

Modify the root .htaccess file (i.e. not the one in wp-admin) to include these two lines:

ErrorDocument 401 error401.html
ErrorDocument 403 error403.html

You actually need to create the error files specified (or both can point to the same file). The file can be empty – it doesn’t matter. They just need to exist. Once they do you’ll find that going to wp-admin pops up the Basic Auth prompt as desired.

This was a pesky problem to find the solution for, so I hope this helps. Props to the author noted in the link above, and the other blogs he used to articulate a decent solution (isn’t the internet great sometimes?).