.htaccess security, WordPress admin pages 404



My sites were recently moved from an old server to a new one. Everything seemed to be working properly until I logged into a site on Tuesday and WordPress’s admin pages were not working properly.

I use the AskApache Password Protect plugin to build .htaccess files to prevent certain types of attacks. Removing the .htaccess files allowed the site to function normally, but (obviously) isn’t desirable.

I have tried a few things, but the basics right now are that I have put in a very simple .htaccess that is intended to prompt for authorization to get to the wp-admin pages. Instead of being prompted however, I get a WordPress 404 page. The .htaccess content is (with appropriate name changes to protect the site’s identity for now):

AuthType Digest
AuthName " Secure Area"
AuthUserFile /home//.htpasswd-wp
Require valid-user

Any ideas?


Ever since I moved my Wordpress blog over to Dreamhost, I’ve been getting a lot of 404 errors in the WP admin area. Someone on the WP forums mentioned something about Dreamhost killing processes for memory reasons, whatever that means. I sent a support request to Dreamhost about it. The problem’s been getting worse, actually.


Thanks for the response, but I don’t know that killing processes makes much sense in terms of 404 errors in a WordPress style environment. The way that WordPress works (AFAIK) they would essentially be killing one of the httpd (Apache server) or maybe FastCGI processes. Also, each WordPress request is stateless. That means its memory usage should be released once that request completes. Unless they have something that immediately kills every process that gets to a certain memory usage level, it shouldn’t ever affect WordPress. Even then, it should result in something more like a 500 error than a 404.

In my case, I’m pretty sure it has to do with the new version of mod_security interacting poorly with the combination of WordPress and .htaccess basic or digest auth.

Anyone have any other ideas? I saw something about WordPress’s permalink engine possibly causing problems. Anyone know if that could be it?


No, it’s Wordpress, at least in my situation. Probably the plugins, according to DH support. DH has an unusual policy in this area, compared to other hosts. They actively kill processes that approach DH’s memory limits (for me, it’s admin-ajax.php that’s causing problems, says DH). But yeah, in your case it sounds like it’s something else.


Hmm. It’s sounding like I need to hit up DH and see if that could be it. Thanks again for the response.