In my root .htaccess file I have the following Wordpress code:
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/index.php [L]
Slightly different to the standard code because the Wordpress files are in a "wordpress" directory but rewrites still appear relative to the domain root. For example a blog post can be called site.com/this-is-a-blog-post.php and the rewrite works.
This works great except when I want to use htpasswd to protect a directory on the site. If I add the following code to a .htaccess file in any directory I get a 404 when trying to browse to that directory:
AuthName "Private"
AuthUserFile "/home/passwd"
AuthType Basic
require valid-user
This code works correctly when the last line of the Wordpress rewrite code is commented out, but with the Wordpress code intact my password protected directory gives a 404.
So I have a conflict between the two .htaccess files somehow. I have tried writing a bunch of RewriteCond's to try and exclude the subdirectory with the password applied but can't nail it.
Ok, Murphy's Law, just worked it out after posting the question!
The extra condition needed for the Wordpress rewrite is:
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|#.*|\?.*|/[^.]*)$ [NC]
So the complete Wordpress rewrite code becomes:
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|#.*|\?.*|/[^.]*)$ [NC]
RewriteRule . /wordpress/index.php [L]
Now I'll go finish my humble pie.