Trouble with .htaccess on WordPress site



I can’t seem to get .htaccess working correctly to password protect a directory on a WordPress site. What I’m trying to accomplish is having users go to a WP page, click on the link displayed, enter the username and password they received by email, and then be able to download some premium content.

I installed the following code above # BEGIN WordPress in the .htaccess file in my site’s root directory:

RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} ^/(failed_auth\.html).*$ [NC] RewriteRule . - [L]

Then in the directory I want to protect, I added an .htaccess file with the following content:

AuthName "Download PDF Ebook"
AuthType Basic
AuthUserFile /home/ftpusername/.htpasswd
Require valid-user

And in the same directory, an .htpasswd file with the following content:


When I click on the displayed link, I do get the prompt to enter the username and password. But then, instead of going to the desired file to download, I get a 404 error.

What else do I need to do to make this work?


it is working. if you failed to login, you’d get 401 (unauthorised). 404 means file not found.


Thanks, bobocat, I agree that the authentication is working. But after entering the username and password, instead of going to the requested file, I’m getting a 404 error from WordPress. The file is there, the file name is correct… Is there something else that needs to be in one of the two .htaccess files in order for the user to be directed to the file after authentication?


Posting a solution now that may help others with the same issue, as I see there are many of you out there! After numerous hours of searching, message board queries, and trying suggested solutions that didn’t work, I have found a WordPress plugin that does exactly what I needed. Looking for a plugin was where I started, since editing .htaccess files that may be overwritten in the next upgrade was not my preferred approach. But I couldn’t find one anywhere until now. Here’s the plugin:

It gives you the capability to upload exclusive content files (PDF, DOC, etc.) to a directory which is not displayed to users when they download. You can either password protect the file and make it visible to all visitors, or not use password protection and allow the file to be downloaded by only registered users with the specified class. So even though an authorized user may know the file name after downloading, they don’t know the full path, and can neither link to the file nor share the link with others. And passwords can be changed as often as you like.

Very happy to have found a plugin solution and leave behind the world of htaccess and 404 errors.


I recommend the easy way to do this, I use it and works perfect.
Just put the folder with the pretected downloads OUTSIDE the WordPress, so directly in your domain.
Use the basic .htaccess you have now and just link to the files for download in your wordpress post/pages.

No plugin needed (always problems if they not update them and always more risk with security)

Only you will needed to add the user/pwd manually for the clients.

If it is payment/signup based just have then get a temp user/pwd they get after payment and in a day or so send them a permanent user/pwd.


If one is interested in looking into plug-ins that can password protect files, compare the offerings at:
(the official WO plug-in repository) before signing up for an expensive service such as the one linked by coachcj.