WordPress.org

User:Hakre/Htaccess Auth Excludes

Back to my Page

Server Access Control based on Authentication

If you're using Access Control based on Authentication on your Webserver (often known as htpasswd, Basic Authentiaction, password protected directory or similar), WordPress is not able to handle it for Flash Uploader, Cron and XMLRPC. Related files need to be excluded to work. Keep in mind that this might break your security considerations.

.htaccess snippet

# Exclude the file upload and WP CRON scripts from authentication
<FilesMatch "(async-upload\.php|wp-cron\.php|xmlrpc\.php)$">
    Satisfy Any
    Order allow,deny
    Allow from all
    Deny from none
</FilesMatch>

See Also

• Technical Installation Checklist
• Secure WordPress Setup
• #10825
• WordPress and basic authentication, problems with WP Cron and file uploads

• Home Page
• WordPress Lessons
• Getting Started
• Working with WordPress
• Design and Layout
• Advanced Topics
• Troubleshooting
• Developer Docs
• About WordPress

Codex Resources

• Community portal
• Current events
• Recent changes
• Random page
• Help