1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Rep Power

    Advice on securing a template page in WordPress using .htaccess

    I have a localhost WordPress (WP) install running on Mac OS 10.7.5 via MAMP:
    Apache 2.2.22
    MySQL 5.5.25
    PHP 5.2.17 & 5.4.4
    APC 3.1.9
    XCache 1.2.2 & 1.3.2
    phpMyAdmin 3.5.1
    SQLiteManager 1.2.4
    Freetype 2.4.8
    t1lib 5.1.2
    curl 7.24.0
    jpeg 8d
    gd 2.0.34
    libxml2 2.7.8
    libxslt 1.1.26
    libidn 1.17
    iconv 1.14
    mcrypt 2.6.8
    YAZ 4.0.1 & PHP/YAZ 1.1.3

    These are my installed plugins:
    Custom MetaWidget
    Page Security by Contexture
    Role Scoper
    WordPress Importer
    HTTP Authentication

    I am using Twenty Eleven with a custom child theme. I want to secure a given page with URL http://localhost/wordpress/?page_id=2 which was created using a default sidebar-page.php template, or a custom template.

    In other words I would like to use .htaccess to secure this page which contains a simple text-field form (.htaccess is the best way I know of working with my custom form); for example when I try to secure <Files wp-login.php> it works fine and a custom login appears for a username. I can also take my form, embed it in a PHP web page outside of WordPress and secure it using .htaccess...but then I lose my header, menu and footer.

    *But* when I create a custom template and secure it using <Files custom-template.php> within a .htaccess file I am still able to type in data into the form and there is no prompt for login--in other words the page is unsecured.

    I've search the forum, the WP forum and Google with no luck. It's not clear how a custom template, or the sidebar-page.php template can be secured. If that's not possible, I'm wondering how to create a new page (i.e. without using WP "Pages") that can be made to look like a page within WP. In other words, how could I add the header.php file and the main menu to a page outside of WP, or is that even worth the effort?

    Advise is greatly appreciated.
  2. #2
  3. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Rep Power
    As far as I know you can't define rules in a .htaccess file that apply only to URLs containing certain query string values. Defining a rule for the custom template file doesn't work because the HTTP request isn't being sent to the template file, it's being sent to index.php.

    The best approach here is going to be to do the password protection from PHP instead of using Apache for it. You might even be able to find a WordPress plugin that will let you password protect pages.

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  4. #3
  5. For POny!
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2012
    Rep Power
    Not sure in which way you want to secure it (password ipaddress etc and for who?) But can't you make a condition in your template that redirects people to the index.php if they are not logged in (or any other thing to allow access). here draft of the idea
    PHP Code:

    = array(2,4,5,6,8); // some pages you want to secure (better store this is a database)

    if(isset($_GET['page_id']) && in_array($_GET['page_id'], $specialpages)){//check if the pag_id is special
        //if so check credentials
    // you have access
    header("Location: http://www.example.com/"); // redirect them
    //move along nothing here


    P.s. if you are able to move to a different CMS, you might want to try out joomla, it has already has access levels

    P.p.s I changed the code and used wordpress's own function to check if the user is logged in.
    Last edited by aeternus; December 28th, 2012 at 10:44 AM.

IMN logo majestic logo threadwatch logo seochat tools logo