I am trying to password protect the wp-login.php file in Wordpress but getting errors. This is the code that I am adding to the main .htaccess file (obviously the path to the passwd file is correct).
# Protect wp-login
<Files wp-login.php>
AuthUserFile "/path/to/my/passwd"
AuthName "Private access"
AuthType Basic
require valid-user
</Files>
All works well if Permalinks are off. If I switch off Wordpress Permalinks, then when accessing site.com/wp-login.php redirects in infinite loop and request goes in timeout with the page never displaying.
If I switch on the Permalinks, Worpress adds the directives just after the above block of code that I have posted.
What can be causing this and how can I get this security measure to work along side permalinks?
ErrorDocument 401 default
as explained here this was missing from the .htaccess file