Fixing “Unauthorized” error when using Basic Auth plugin

If you just started using the Basic Auth plugin for authentication, you might come across issues like 401 (unauthorized) that prevents you from making authenticated requests, even though your code and credentials are correct.

Here are two possible solutions to that:

1. Tweak .htaccess file
Open up the .htaccess file and add the following lines:

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

The modified .htaccess file should look something like this

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On

# Newly added lines
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

RewriteBase /your-site/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /your-site/index.php [L]

# END WordPress

Here’s the issue reported on Github.

Do note that the .htaccess file will be overriden whenever you update WP or flush your permalinks.

2. Logout of the WP Admin
For some strange reasons, authenticated requests will not work if you are logged-in to your WP Admin. So try logging out or use a different browser/incognito window, as long as the application and WP admin are separated.

Hope that helps!

Leave a Comment