WordPress.org

Codex

User:Hakre/Htaccess Auth Excludes

Back to my Page

Contents

Server Access Control based on Authentication

If you're using Access Control based on Authentication on your Webserver (often known as htpasswd, Basic Authentiaction, password protected directory or similar), WordPress is not able to handle it for Flash Uploader, Cron and XMLRPC. Related files need to be excluded to work. Keep in mind that this might break your security considerations.

.htaccess snippet

# Exclude the file upload and WP CRON scripts from authentication
<FilesMatch "(async-upload\.php|wp-cron\.php|xmlrpc\.php)$">
    Satisfy Any
    Order allow,deny
    Allow from all
    Deny from none
</FilesMatch>

Alternative approaches

Some alternatives might be considerable:

  • Check for a cookie prior use (.htaccess)
  • Disable the flash uploader so that the standard uploader is available (wp-config)

See Also