Password Protect Wordpress Plugin Directory without htaccess

Question

Does anyone know how to password protect a directory in a Wordpress plugin folder WITHOUT .htaccess?

Apparently WPEngine no longer lets you put htaccess files in the directory - it's been depreciated for some reason.

While PHP or other type of scripts can trigger HTTP Auth, you'd still need basic rewriting to get requests for existing files processed _by_ such a script to begin with - so "without .htaccess" won't really work. _"WPEngine no longer lets you put htaccess files in the directory"_ - but it still lets you manipulate the .htaccess on the root level, I suppose? Then you can try and do it from in there, basically reversing the principle of https://stackoverflow.com/a/53837109/1427878 — CBroe, Dec 01 '21 at 07:22

MrWhite · Answer 1 · 2021-12-01T09:21:49.777

1

This would seem to be a loaded question... just because you can't use .htaccess in the directory you want to protect, doesn't necessarily mean you can't use the main .htaccess file in the root.

On Apache 2.4 you can use an Apache <If> expression to limit the HTTP Authentication directives to just that directory.

For example:

<If "%{REQUEST_URI} =~ m#^/wp-content/plugins/#">
    AuthType Basic
    AuthName "Private Area"
    AuthUserFile "/private/path/outside/document-root/.htpasswd-wp-content-plugins"
    Require valid-user
</If>

edited Dec 01 '21 at 09:21

answered Dec 01 '21 at 09:03

MrWhite

43,179
8
60
84

1

The problem is that WPEngine, the host, doesn't let us update the .htaccess file. Or anything that is saved in the main .htaccess file will get overwritten with their default one – winston Dec 01 '21 at 19:06

Password Protect Wordpress Plugin Directory without htaccess

1 Answers1