Wordpress adds a little code to your root .htaccess in order to catch all URLs on your website and process them. It works fine if you only have Wordpress on your websites and normal files/folders. But should you have a password-protected directory, Wordpress might catch the 401 page as well which results in never showing the login authentication box at all.

I tried to add additional RewriteCond and RewriteRule to catch the password-protected directories before Wordpress does but without success. The trick is in fact much more simple than that. You simply need to tell Apache to go to a custom 401 page of your choice (it can be blank or the default page, doesn’t matter). You will then be prompted with a login box and let you proceed to the password-protected directory. Should the login be wrong, the custom page will be displayed. No more annoying Wordpress url rewriting!

Here’s the code: (notice the usual Wordpress code, you simply need to add the ErrorDocument line above it)

ErrorDocument 401 default

# BEGIN WordPress
<ifmodule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</ifmodule>
# END WordPress