Protect Custom WordPress URLs with Group-Based Basic Authentication

Do you need to protect specific URLs on your WordPress site with different usernames and passwords? Whether you’re securing access to internal pages, private downloads, or multilingual routes, the Group Basic Auth Manager plugin makes it simple and secure to implement Basic Authentication per URL group.

What Is Group-Based Basic Auth?

Basic Authentication is a method of requiring a username and password to access a resource. Unlike global auth plugins, Group Basic Auth Manager lets you define multiple groups, each with:

1. Unique credentials
2. A set of protected URLs
3. Strong password enforcement

Key Features

1. Create multiple auth groups with unique username/passwords
2. Restrict individual URLs or patterns (e.g. /media/list/, /fr/private-page/)
3. Password validation: require strong, secure passwords
4. Compatible with multilingual plugins and rewrite-heavy sites (e.g. Transpress)
5. Smart fallback via WordPress template_redirect
6. No coding required — everything configurable via the admin panel

How to Install

1. Download the plugin ZIP and upload it to /wp-content/plugins/.
2. Activate it from Plugins > Installed Plugins.
3. Go to Settings > Basic Auth Groups.
4. Add a new group with a label, credentials, and a list of protected URLs.
5. Save to generate .htaccess .htpasswd files automatically.

How Protection Works

The plugin uses two layers of protection to ensure your specified URLs are secure. Passwords are securely hashed using BCRYPT before writing to .htpasswd-groupname

1. Primary: .htaccess Rules

It writes Apache rules dynamically to protect the defined URLs with Basic Auth. This is the most efficient and secure method.

2. Fallback: PHP-Based Protection

If .htaccess isn’t supported or a plugin rewrites URLs dynamically, the plugin applies protection during the page rendering phase using template_redirect.

No matter your setup, your protected content stays safe.

Example Use Cases

• Restrict /media/list/ with a dedicated password
• Protect /en/secret-reports/ and /fr/private-data/ for internal teams
• Secure downloadable PDF or HTML files without using a membership plugin

Admin UI to add Multiple Group of Basic Auth

Plugin Requirements

• WordPress 5.0 or later
• PHP 7.4+
• Apache with mod_rewrite and .htaccess support

Troubleshooting Tips

• Make sure your .htaccess file is writable.
• Use strong passwords that include uppercase, lowercase, numbers, and symbols.
• Ensure Apache has AllowOverride All enabled in its config.
• Check the root folder for .htpasswd-groupname files after saving a group.

With Group Basic Auth Manager, you don’t need bloated membership plugins just to secure a few key pages. It’s fast, light, and does exactly what you need — protect specific parts of your site with group-based login credentials.

Give it a try and keep your content safe with confidence!

Support

For support or feature requests, contact the plugin author:
Author: Iftekhar Ahmed Eather
Company: Export Japan Inc