I searched for what felt like hours for a solution to this problem. In my searching I realized that many people had a similar issue, but none of the offered solutions were working. I couldn’t get my site to stop asking me for htaccess verification twice. It would ask me over http (NOT GOOD!) and then it would ask again over https (WHAT WE WANT). If you want to learn how to make the .htaccess and .htpasswd files you can follow a great tutorial here.
This tutorial will be nice and concise, because I’m sure anyone reading this has had enough “fun” searching for an answer, and could care less about my ranting. So, here we go…
(Note: This article assumes that you know how to make and upload a .htaccess file to your server. For instructions on how to do this click here.)
The first step in securing your site with a .htaccess file is to add the following lines near the top:
This will force your site to go from http:// to https://, which is what we’re trying to accomplish.
You need to ensure that your site is only offering the .htaccess login via https://, and not http://
To do this you add the following lines after the last few:
NOTE: You need to replace “mysecuresite.com” with your own base domain. If the domain you’re trying to protect is “mydomain.com/subdomain” you simply put in “mydomain.com.”
If your domain is “subdomain.mydomain.com” your base domain will NEED to be “subdomain.mydomain.com.”
Next, we’ll add the password requirement:
You need to replace “base/path/to/file/.htpasswd” with your own path.
To find out what your exact path is you can create a new .php file with the following lines of code in it:**
You can name it something like: mypath.php
**Graciously borrowed from www.htaccesstools.com
When you’re finished with the .htaccess file it should look like this:
Hopefully this helps you avoid double authentication on your site. Good luck, and happy coding!