Reputation: 870
Protecting an specific WordPress page with .htaccess
I have a specific page on my WordPress installation (it's an actual Page in WordPress, just with Pretty URLs) and I want to password-protect it with an .htaccess file provided to me.
For example, the page is http://www.myawesomewebsite.com/members . I want only some users to access it, and their user and password are stored in an .htpasswd file.
The .htaccess file the client sent to me is
AuthUserFile /put the path to the password file here
AuthGroupFile /dev/null
AuthName RESTRICTED
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
I need to use this parameters to protect this WordPress page. I'm going crazy and my searches are leading to nowhere. Any guesses?
Upvotes: 0
Views: 5385
Answers (3)
Reputation: 11
I was able to do this by:
- Creating a directory structure on the file system that is protected by .htaccess.
- Adding a custom field to any page that I want to protect that specifies which directory is used to protect it.
- Modifying the page.php template to restrict access to the page depending on whether the user has access to the directory specified by the custom field.
The specific steps are as follows:
- Create a directory "groups" inside the wp-content directory.
Create wp-content/groups/index.php with the following content:
<?php require( dirname(__FILE__) . '/../../wp-load.php' ); class CASGroupAuth { static function authenticate(){ $groups = @$_SESSION['cas-groups']; if ( !$groups ) $groups = array(); $groupdir = basename(dirname($_SERVER['PHP_SELF'])); $groups[$groupdir] = true; $_SESSION['cas-groups'] = $groups; if (!@$_GET['redirect_to'] ){ die("You didn't provide a redirect"); } header('Location: '.$_GET['redirect_to']); exit; } } CASGroupAuth::authenticate();- Create a subdirectory "mygroup" inside the "groups" directory.
Create a symbolic link to the groups/index.php within the mygroups directory. I.e.
$ cd mygroup $ ln -s ../index.php index.phpAdd an .htaccess file to your groups/mygroup directory with the appropriate access restrictions. In my case I was using the CAS apache module, so my .htaccess file looked like:
AuthType CAS require sfu-user shannah !my-maillistModify the the page.php template in my theme (i.e. inside wp-content/themes/mytheme/) to be:
<?php if (have_posts()) : the_post(); $group = get_post_meta(get_the_ID(), 'cas-group', true); if ( trim($group) ){ $group = trim($group); $existingGroups = @$_SESSION['cas-groups']; if ( !$existingGroups or !@$existingGroups[$group] ){ nocache_headers(); header('HTTP1.1 302 Moved Temporarily'); header('Location: ' . get_settings('siteurl') . '/wp-content/groups/'.basename($group).'/index.php?redirect_to='.urlencode($_SERVER['REQUEST_URI'])); header('Status: 302 Moved Temporarily'); exit; } } ?> <?php get_header(); ?> <div id="content" class="narrowcolumn"> <div id="PageTitle"><!-- TemplateBeginEditable name="PageTitle" --><?php the_title(); ?><!-- TemplateEndEditable --></div> <div class="post" id="post-<?php the_ID(); ?>"> <div class="entry"> <?php the_content('<p class="serif">Read the rest of this page »</p>'); ?> </div> </div> <?php edit_post_link('Edit this entry.', '<p>', '</p>'); ?> </div> <?php get_footer(); ?> <?php endif; ?>
The important part of this is the section at the top, as the code the checks the cas-groups custom field and redirects the user, needs to run before any output has been sent to the browser. To do this, I rearranged where the position of the if (has_posts()) statement to wrap the entire page rather than just the content - as it is in the default template.
At this point, if you add a custom field to any page of the wordpress site with name "cas-group" and value "mygroup", then access to that page will be properly limited to users who have access to your groups/mygroup directory based on the rules in its .htaccess file.
If you want to have different groups, you can just make a copy of the mygroup directory and modify the .htaccess file restrictions inside it.
Upvotes: 1
Reputation: 9703
Wordpress allows you to protect the pages/posts using password ( and it's rather easyer to go this route than with htaccess ) : go to wp-admin, edit the page/post you like to keep private but allow access to some users too, and right under the "preview changes" button you'll see "Status: Published Edit" and beneth it "Visibility: Public Edit" click the visibility edit, select the Password Protected radiobox ( or private for that matter ) enter a password and hit Ok . You should be good to go .
Upvotes: 1
Reputation: 1378
All you need to do is put the .htaccess file in the "members" directory and then point the first line to a password file. To create your password file just do:
htpasswd -c MyPasswordFile username
htpasswd MyPasswordFile anotherusername
Here's a good reference:
http://httpd.apache.org/docs/current/howto/htaccess.html
Upvotes: 0
Related Questions
- Password protect a specific URL
- How to use.htaccess and .htpasswd to protect a specific web page in the website
- Restrict access to specific url htaccess
- How to deny access to specific pages with htaccess
- Restricting user access to a particular page - Wordpress
- Restrict HTTP access to single page with .htaccess
- .htaccess code to protect a single URL?
- How to protect a single php page with htaccess?
- How to block access to specific URL?
- How can i protect a URL/Directory in my site?