I previously discussed how to get Google to verify a WordPress blog by making a few modifications to the .htaccess file. I would like to take this a step further and discuss how a password protected site can be verified with Google. Verifying a password protected site became necessary for me when I wanted to add a password protected site to Adsense.
The first thing that needs to be done is to have your server respond with a valid 404 error by adding something like the following to your .htaccess file.
ErrorDocument 404 "This file does not exist."
Now you just need to give Google access to two files with a name similar to google54fbcc37db740a4d.html and noexist_54fbcc37db740a4d.html. You will need to login to Google’s Webmaster Tools Dashboard to see what the google*.html filename is in your case and then replace the “google” part with “noexist_” for the second file. Now that you have the names you will need to modify your password protection code that looks something like the following to exclude the two files from password protection.
AuthGroupFile /dev/null AuthName "A Blog" AuthType Basic AuthUserFile /home/user/domains/domain.com/.htpasswd require valid-user
To exclude the two files you would add the below code to your .htaccess file.
Allow from all Satisfy any
Don’t forget to create the google*.html file on your server and replace the names of the files in the above code with your filenames.
Extra Directions for WordPress
Now the above directions should be enough for most password protected sites but for WordPress that is using permalinks one more thing needs to be done. You need to tell WordPress to not send the request for noexist_*.html to index.php. To do this find the following code in your .htaccess file.
RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]
and add the following RewriteCond after line 5.
RewriteCond %{request_uri} !^/noexist_54fbcc37db740a4d.html$ [nc]