I've investigated this and regrettably all I'm able to find is general suggestions about htacesss and pass wording or general htaccess to redirect etc. Not one of them are things i am after here.

To summarize, we run some blogs all while using WordPress Multisite functionality.

Each one of these files etc and info within the database are recommended by an ID and therefore the website doesn't reside in a folder.

I wish to restrict one folder having a htaccess our company uses to permit use of its customers.

Normally I'd drop that file within the folder and task finished.

However, as pointed out you will find no physical folders therefore i have to in some way add this towards the existing htaccess file that WordPress uses to deal with everything.

This is actually the htaccess file as standard:

RewriteEngine On
RewriteBase /

#uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
# deperectaed after upgrade to v. 3.0 RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]
RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteCond %{REQUEST_URI} ^.*/wp-admin$
RewriteRule ^(.+)$ $1/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule . - [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off

What I have to add may be the following:

AuthName "You must be a valid user" 
AuthType Basic 
require valid-user

However I just have results on a single site, say site id=2 for the time being. I'd possibly prefer to add sites for this later.

Any assistance will be greatly appreciated.


You should use the filesMatch directive to safeguard the sites. For any site in the path of /foo/ the next should work:

<filesMatch "^foo.*">
    AuthName "You must be a valid user" 
    AuthType Basic 
    require valid-user

To Make certain the filesMatch directive works, try:

<filesMatch "^foo.*">
    order allow,deny
    deny from all