How to Fix The Error 500 on Password Protecting a Directory?

WordPress is made up of directories with various types of files in them. Each directory serves a different purpose. At times, you might have to password protect a directory. Not granting access to other admins or protecting from malware are some common reasons. It should be all good and just work fine except for some administrators where it doesn’t. Whenever you try to log in to the protected directory using the correct credentials, you get an error which reads “Error 500: Internal Server Error”. If you’re seeing this error at your end, we’ll suggest a solution for you in this article.

Password Protecting a Directory

To password protect a directory of your website or app on the web server, the best way is through cPanel. Almost all hosting providers offer a cPanel by default. By following the instructions, you’re likely get it done within minutes.

To do this, follow the instructions:
  • Navigate to the Files >> Directory Privacy

  • Select the directory you want to password protect

  • You’ll find the “Password protect this directory” option under the Security Settings option

  • Set the name and password and the directory is now password protected
Otherwise, you can also use shell scripting. But it’s best to stick with the above method since you’re going to have cPanel on your admin dashboard.

Reasons for the Internal Server Error

If you’ve followed the above steps to password protect a directory, then you might see a 500 Error which reads “Internal Server Error”. To understand this problem, here’s the thing you need to know:

By password protecting a directory, you’re asking cPanel to add the following codes into the .htaccess of your protected directory:

AuthName “Protected!”
AuthUserFile “/home/account-name/.htpasswds/public_html/protected-directory/passwd”
AuthType Basic
require valid-user
After the above codes are added, your directory gets protected. This is where the credentials are stored for log in.

The reason you get the 500 error is because this file cannot be accessed by the Apache server. The server is the environment where your website or app runs. When digging up for login credentials, it wasn’t able to read the second line “.htpasswds/public_html/protected-directory/passwd“to check the credentials. Thus, it returns an 500 error saying “Internal Server Error”.

How to Fix the 500 Directory Error

In general, 500 Errors appear because the server encountered an unexpected condition when handling the request from the client. In this particular scenario, it is the case of Apache server not being able to read the .htaccess file when verifying the credentials provided by the user.

So the quick fix would be to store the password file in a location where the Apache server could access it. The best place to store this in the web root with the location:
Since this is a sensitive file, you need to make it hidden to others users. To do this, put a full stop (“.”) in front of the passwd file. So the code will look like:
This also prevents the file being served up when accessed from a web browser.

For other types of errors, you can check the error.log file of your website. This should list all the errors that take place with your website.
First release
Last update
0.00 star(s) 0 ratings

More resources from bhawanisingh