Mistakes are often made when you don’t know any better.


Well. This was my day.

Exhausted, but I finally perfected the password authentication + various WordPress installations challenge.

Originally, I used DreamHosts’ Goodies > HTAccess setup. It took hours before realizing the passwords that were generated were not the same encrypted versions to copy/paste into the .htpasswd document.

…lesson learned. A few more:

Always look at the log

If you use DreamHost, you can find the error log by going to /home/USERNAME/logs/WEBSITE/http/error.log. I would have saved a lot of time if I checked the logs before assuming I could figure out the answer by just pounding my head against the keyboard repeatedly.

Errors included:

  • Password Mismatch
  • File does not exist (lack of error documents)
  • User not found
  • Permission denied

Mindful process of elimination

Instead of eliminating at will and hoping to cycle through the answer (which takes up way too much time), it’s a good idea to carefully consider the what’s and the why’s. While this is obvious, I think a lot of us tend to get caught up in the moment of solving something that we rush toward the answer without thinking too heavily about why certain steps aren’t the solution.

Gentle reminders to slow down, actually analyze (rather than running with a potential fix), and remember it for next time.

The hellish cycle of almost-fixes:

  • testing out the password-protected subdirectory
  • uploading indexes and error files
  • various stackoverflow answers for the .htaccess files
  • moving the .htaccess and .htpasswd files around
  • wait, maybe I should actually install the second WP site
  • consider symlinks!?

And finally, the solution.

In /home/username/website/.htaccess:

ErrorDocument 401 default

# BEGIN WordPress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Remember that the password typed in the DreamHost wizard will look like this:

username password

but in /home/username/website/.htpasswd, it should look like this:

username:encrypted-password

And finally, /home/username/website/subdirectory/.htaccess:

ErrorDocument 401 default

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /subdirectory/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /subdirectory/index.php [L]
</IfModule>

# END WordPress

### Generated by Dreamhost. DO NOT modify!!! ###
AuthType Basic
AuthUserFile /home/username/website/.htpasswd
AuthName 'AnyNameHere'
require valid-user

################################################

Reminders for next time.

The good news is I managed to get the password-protected portal up and running. A client is using it now for creating content.

Tomorrow I’m going to knock out the WordPress site, & hope for no more missteps.


password-protected portal

  • .htaccess
  • .htpasswd
  • WordPress
  • Hidden :)