aMember 3.0.9 & Wordpress 2.5.1 (Protection Problems)

I'm using aMember 3.0.9 & Wordpress 2.5.1, I want to use new_rewrite to protect my wordpress but whenever I try to do that, I keep getting redirected to the error page. Once I remove the protection on my folder, it works again.

Is there any issue with the .htaccess or what?

For the protect plugins, which ones should I select?
- htpasswd
- htpasswd_shared
- mod_auth_mysql
- new_rewrite
- php_include
- plugin_template

Since I want to use new_rewrite, do I select only new_rewrite or new_rewrite & php_include or anything else?

What's the error you're getting?

Some hosts do not allow new_rewrite.
Check your version info in the amember admin page, and search for rewrite. If you don't see mod_rewrite you may not have it enabled. Ask you host to enable it.
These are the protect plugins that I have enabled:
- htpasswd
- new_rewrite
- php_include

David

The error page is the wordpress 404 page.

Alright, I'll check with my host, thanks.

Reply back with the URL in your browser URL bar that gives you the 404 error page. That will most likely tell us what the problem is.

It's alright, it's fixed now.

Yes... how was it fixed?

I agree with skippybosco. It would be great for future troubleshooters to know how this was resolved.

Thanks
B

Um, share?

Yeah, there's a few of us getting the 404 error when we try and protect a folder with Wordpress. Please share how you solved this so we can all stop emailing support?

If you can post an example URL that's getting a 404 error we may be able to help you directly...

Hmm... well, I hope you can. It seems like a simple .htaccess rewrite will do the trick, I just need to know what to do.

The whole site exists at http://matthewebel.net and the .htaccess file in the root directory is the standard Wordpress-made file. I have my permalinks set up for date and name format.

There is an actual directory at http://matthewebel.net/downloads/levelone/ and a file at http://matthewebel.net/downloads/levelone/gpe.mp3

The .htaccess files in both downloads and levelone are the standard aMember-made files.

If you try and access downloads, levelone, OR the mp3 file, you get the wordpress 404. Whether you're logged in as an admin, a subscriber, or not, same error.

Can you post a copy of one of your .htaccess files in a directory giving an error.

Thanks!

Sure thing. The root level .htaccess is the standard Wordpress-generated .htaccess file:

Code:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

The .htaccess for /downloads/ and /downloads/levelone/ are the same and are both generated by aMember:

Code:

########### AMEMBER START #####################
AuthType Basic
AuthName "Members Only"
AuthUserFile /home/matthff6/public_html/subscriptions/data/.htpasswd
AuthGroupFile /home/matthff6/public_html/subscriptions/data/.htgroup
Require valid-user
########### AMEMBER FINISH ####################

Oh, and yes I have emailed support about this, but the question still ain't answered. The race is on!

If it gets solved, you can bet that I'LL post the answer here.

Sorry for the delay - I'm having a fairly insane week at the moment.

My question to you is why are you using the basic htaccess protection for the downloads and downloads/levelone directories instead of the "newrewrite" amember protection which is much, much better.

Any time someone tries to access the downloads or downloads/levelone directories they're going to be prompted to enter their username & pass again.

I suspect the 404 you're getting may be caused by the wordpress rewrite function in the top level .htaccess trying to redirect to the download or download/levelone directories and failing because the username & password is required.

Actually, looking at it further I can see what the problem is. Because of the wordpress rewrite rules in the top level .htaccess when you try to access downloads or downloads/levelone wordpress is rewriting those directory URLs into wordpress links. Because those links don't exist that's why you're getting the 404 error.

So you either need to modify the rewrite rules in the top .htaccess so that it does not rewrite the URL for download & download/levelone

One way is to have wordpress and download in separate directories - i.e.: http://www.example.com/wordpress & http://www.example.com/download. You can have http://www.example.com/index.php instantly redirect to http://www.example.com/wordpress or use a rewrite rule so that it's a hidden redirect (i.e.: the wordpress blog appears to be at http://www.example.com even though it's actually in a sub directory).

Another way is to alter the .htaccess file for wordpress so that it ignores certain subdirectories.

For example, adding the following **above** the other wordpress rewrite rules in .htaccess should cause wordpress to ignore the downloads directory:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/downloads.*$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

I'm 90% sure this will work but I can't test it locally at the moment so you'll have to try it.

Let me know.

Also check this link out for some great rewrite rules that do the same thing in different ways:

http://www.addedbytes.com/apache/ignore-directories-in-mod-rewrite/

Plus...

http://wordpress.org/support/profile/71962

...which discusses the rewrite rule problem for directories protected by basic authentication as you've done.

Because new_rewrite only works in web browsers. I need to protect enclosures in a podcast feed, and iTunes just barfs up an error instead of asking for username and password if I use new_rewrite.

...and I'm 100% sure that it didn't work. Unfortunately, I can't seem to find any rewrite code that will work, and I'm pretty much an Apache noob. It LOOKS like that should work (hell, the !-d should work anyway), but it's not working.

Please let me know if you have any other suggestions.

Oh... and the wordpress.org link you added? Um, it's just a link to some guy's profile, no help there. Sorry.

ALMOST solved it

This is not fixed yet... but it seems closer...

A few friends pulled together to help me with this one...

All I had to do was add the following to Wordpress' .htaccess file (the one at the root level, the one it created):

Code:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/folder_name/(.*)$
</IfModule>

# BEGIN WordPress...
(here begins Wordpress' auto-generated stuff)

Where folder_name is the folder I want to protect (but I want Wordpress to ignore for rewrite purposes). This lets aMember do its thing for those folders, but keeps Wordpress from touching them with rewrites.

The problem is now that Wordpress rewrites aren't happening at all. This little code has caused of WP's Rewrite Conditions to come up false, so nothing is happening for WP now.

Crap.

Screw it.

I'm officially giving up. I'm moving my protected folder to another domain on the same server, somewhere outside the reach of Wordpress.

I strongly suggest, though, that someone find a fix for this SIMPLE problem since I'm obviously not the only one trying to do this. I have the luxury of other directories to use, but there are a lot of bloggers who use the WP install as their only site.

I'm having the same 404 error with my "pages" and not my posts.

The permalink structure I have is %category%/%postname% and I
get an error for my pages.

My .htaccess info is:

Code:

########### AMEMBER START #####################
Options +FollowSymLinks
RewriteEngine On

## allow access for any active subscription
RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
RewriteCond /home/site/public_html/breaking/amember/data/new_rewrite/%1 -f 
RewriteRule ^(.*)$ - [L]

## if user is not authorized, redirect to login page
# BrowserMatch "MSIE" force-no-vary
RewriteCond %{QUERY_STRING} (.+)
RewriteRule ^(.*)$ http://www.site.com/amember/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI}?%{QUERY_STRING} [L,R]
RewriteRule ^(.*)$ http://www.site.com/amember/plugins/protect/new_rewrite/login.php?v=-any&url=%{REQUEST_URI} [L,R]
########### AMEMBER FINISH ####################

Code:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /members/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /members/index.php [L]
</IfModule>

Any idea why we're getting a 404 error? How do we fix it?

You are using the "Walled Garden" model where your wordpress directory is protected by amember? If so, what purpose does permalink structure of %category%/%postname% have?

There's no SEO advantage since the spiders can't get in.

David