Using HTTP Auth Basic in WordPress

I was posed with the question as to how to protect a BB forum with a general user/pass for students at a community college. Since the segment that needed securing was not a standard post, but a custom rewrite, there was no way to use the native post password feature. Using .htaccess was also out as that protects entire directories.

Fortunately, PHP allows you to implement auth headers to handle this. Let me first say that I understand that HTTP Auth Basic is not a secure authentication solution, but it is a privacy gate which is all that was requested to help reduce spam, malicious posts, etc.. With the proper hooks, I was able to target the specific URI segment and it worked like a charm.

<?php function send_http_auth_headers(){ header('WWW-Authenticate: Basic realm="Your Website Name Restricted"'); header('HTTP/1.0 401 Unauthorized'); echo 'Please speak to an administrator for access to the this feature.'; exit; } add_action('template_redirect', 'maybe_add_http_auth_basic', 0); function maybe_add_http_auth_basic(){ # Add your specific URI segment (i.e. http://example.com/segment-string/) $uri = 'segment-string'; if(!is_admin()){ global $wp; # Look for exact match and child segments if($wp->request === $uri || strpos($wp->request, $uri.'/') !== false ){ $user = HTTP_USER_NAME; # Define this in wp-config.php $pass = HTTP_USER_PASS; # Define this in wp-config.php # Check if user/pass has been entered if (!isset($_SERVER['PHP_AUTH_USER'])) { send_http_auth_headers(); } else{ # Check if the user/pass is correct if ($_SERVER['PHP_AUTH_USER'] !== $user && $_SERVER['PHP_AUTH_PW'] !== $pass) { send_http_auth_headers(); } } } } }

WordPress