A fresh mix of code snippets and tutorials

Private URLs with .htaccess

With WordPress and other publishing software, you can create “private” and “password-protected” posts, but the URL is still going to be discoverable via search engines and visitors. This technique using .htaccess makes the post and URL accessible only to the specified IP addresses.

<IfModule mod_rewrite.c>
	RewriteCond %{REMOTE_ADDR} !^123.123.123$
	RewriteCond %{REMOTE_ADDR} !^222.222.222$
	RewriteCond %{REQUEST_URI} ^/(my-private-page)/?$ [NC]
	RewriteRule .* / [R=301,L]

So if my IP address is 123.123.123 it would be allowed. Likewise if my associate’s IP address is 222.222.222, it also would be allowed. Everyone else will be denied access to the specified page, located at /my-private-page/.

To make more than one page private, you can do something like this:

RewriteCond %{REQUEST_URI} ^/(my-private-page|my-other-private-page)/?$ [NC]

So here we have two pages that are private:


Both will be accessible only to visitors coming from the allowed IPs. To add more IPs, simply replicate one of the RewriteCond directives. Just make sure to remember that you’ve got the technique in place in case your IP address ever changes.

Learn more

WordPress Themes In Depth