Password protected page – 404 error after entering password

[Philip Shambrook]

Hi

I’ve password protected a page using the default WP tools on the page editor.  http://windtrainer.co.nz/signup

All works fine when I enter the password here where I do all my work.  However, anywhere else a 404 error is returned.  I spoke to my hosting people and they suggested I do the following:

Update the .htaccess file before the WordPress information and add the following two lines of code:

ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html

The finished .htaccess should look like:

ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

To do this, I have obviously to change things with BPS, that I have done – it is currently uninstalled.

My question is, is there anything in the BPS Pro that would affect the behaviour of a password protected page?  I do have the custom security code added. I can upload the backup files from the BPS installation if needed.

[AITpro Admin]

No, definitely do NOT do what your Host is suggesting – they are giving you generic info that would result in serious disaster for your website.  You should not have to change anything in BPS Pro so something is wrong with your URL.  It is a simple URL problem due to some mistake that you are making with the URL.  We have several password protected pages in use and they work fine without having to change/alter anything.

[Philip Shambrook]

Well, despite being a user of tools and not a creator of tools, I suspected their solution was not addressing my issue, but still, in order to have any further conversation with them I went down the road of implementing it.

Long story short after crashing and burning everything – I mean everything, I lost access to all my sites! – I got it all up again and now seems to be working – no 404 error after the password is entered.

However, I suspect the problem was solved because I had uninstalled and reinstalled BPS Pro at the ‘front end’.  Explanation follows – I think.

I am beginning to suspect that there may be something not quite right with the way I set things up when I began building my little collection of websites and I wonder if this is where the problems nay lie.

I host with Hostpapa and have the initial website under the Public_html directory. In that directory I have the other websites all in their own folders – the other website in their own folders – hbtrailrun, in4m, nzmrs, windtrainer.  Would that be contributing to this? In appearance then it looks like a sub-directory installation but is certainly not detected as such.

I am only firing shots in the dark here, but I have discovered in recent days that the access to the websites is controlled through the installation of hbtrc.co.nz that lies under the Public_html folder. If there is a problem with the .htaccess their, I cannot get access to any of my sites.  Have I created a monster?  The problems us dabblers cause eh?

Anyway, it appears that by dint of uninstalling and reinstalling BPS Pro on HBTRC.co.nz and Windtrainer.co.nz that the password protected page works.

Sorry to be a PIA!

[AITpro Admin]

BPS will always create the correct .htaccess files and code for every WordPress site type and each WordPress site.  If your root .htaccess file is applying its rules to other WordPress sites then the problem is those other sites do not have their own .htaccess files.  .htaccess files are heirarchical/recursive.

Example:
/root website in the root hosting account folder has an .htaccess file.
/WebsiteA – does NOT have an .htaccess file – the rules in the root hosting account .htaccess file WILL be applied to the /WebsiteA folder
/WebsiteB – DOES have an .htaccess file – WebsiteB WILL follow the rules in its .htaccess file in the /WebsiteB folder and NOT the rules in the root hosting account .htaccess file.

Not sure why you think uninstalling/reinstalling BPS Pro fixed that.  Logically that would not make any difference at all so it was just a coincidence . ie something else you did actually fixed the issue.

[Philip Shambrook]

I know enough about computers to be dangerous but not enough to be truly competent.  However, strange things do happen and quite why doing what I did – essentially to recover from self-induced disaster – fixed the problem I was having I have no idea.  But it did.

As for the sites, each has BPS Pro running and each has BPS Pro security .htaccess files.  I have been having some ‘fun’ things happen these past few days as I have had to rush this windtrainer website into service.  At times I have lost access to all my sites so looked at what I considered the base installation the hbtrc.co.nz and hence the cause of my problems.  I had not considered one layer further back – the root .htaccess file. I am learning lots as I recover from problems that are largely self-induced.  Fortunately, the work that I do is really only for me and events and things that I manage, otherwise I’d have some pretty upset people!

Still, that would not have been the cause of the problem I was having to begin with – a 404 error after entering a password on a password protect page.  And I am no closer to understanding why it is now apparently working when all I’ve done is mess around with BPS Pro.

Many thanks for your prompt replies.  As ever, I am very grateful for your support, even though I guess you must be face-palming every time a ‘numpty’ like me gets into the forums!

[AITpro Admin]

Yep, I have no idea what actually fixed the 404 problem so I cannot offer any logical guesses.  🙂  LOL on the face palm too funny.

[Philip Shambrook]

I’m picking this is because I fundamentally fail to understand this Brute Force Protection code.s full purpose.  I tried to enter the password to the page and  got a 403 error for my sins, and this error message in my log:

[403 GET / HEAD Request: April 15, 2014 12:35 am]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 202.50.252.53
Host Name: 202.50.252.53
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://windtrainer.co.nz/signup/
REQUEST_URI: /wp-login.php?action=postpass
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14

Am I to assume that having this code will prevent me from using password protected pages? I have removed it now.

[AITpro Admin]

@ Philip – your post has been merged into this relevant topic.

I created this exact same scenario.  Created a page called /signup/ and password protected it.  Did not get a 403 error and authentication worked fine.  Which Brute Force Login protection code are you referring too?  There are several different Brute Force Login protection code options.  My first logical guess is that you used the IP based Brute Force Login protection code and your IP address was changed by your ISP, which it will do very frequently every 24 hours or every 3 days (DHCP).

[Author]

Posts