After installing Wordpress, there will be a rewrite config in .htaccess, and at the same time I want to use AuthUserFile to protect a file, hence my .htaccess set as below, however it does work as what I expected. Thanks a million. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> <Files "helloworld.txt"> AuthUserFile /var/www/clients/client0/web1/web/.htpasswd AuthType Basic AuthName "Admin Only" require valid-user Satisfy All </Files> Result: 404 error and the Wordpress redirects to 404 custimized error page server access log: 1.2.3.4 - - [12/Jan/2017:15:13:04 +0800] "GET /helloworld.txt HTTP/1.1" 404 30626 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0" ---------------------------------------------------------------------------------------------------------------------------------------------------------------- <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> AuthUserFile /var/www/clients/client0/web1/web/.htpasswd AuthType Basic AuthName "Admin Only" require valid-user Satisfy All Result: Login windows prompted as expected, but it will protect whole directory, it is not what I want. server access log: 1.2.3.4 - - [12/Jan/2017:15:12:20 +0800] "GET /helloworld.txt HTTP/1.1" 401 751 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0" 1.2.3.4 - admin [12/Jan/2017:15:12:23 +0800] "GET /helloworld.txt HTTP/1.1" 200 295 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0" ---------------------------------------------------------------------------------------------------------------------------------------------------------------- <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> Result: Access normally, as no any protection server access log: 1.2.3.4 - - [12/Jan/2017:15:11:50 +0800] "GET /helloworld.txt HTTP/1.1" 200 296 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0" ---------------------------------------------------------------------------------------------------------------------------------------------------------------- <Files "helloworld.txt"> AuthUserFile /var/www/clients/client0/web1/web/.htpasswd AuthType Basic AuthName "Admin Only" require valid-user Satisfy All </Files> Result: Login windows prompted as expected, and only protecting helloworld.txt, it is what I want, but rewrite function not working anymore. Secondly it is weird that server access log is firstly 404, and then 304. server access log: 1.2.3.4 - - [12/Jan/2017:15:08:47 +0800] "GET /helloworld.txt HTTP/1.1" 404 748 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0" 1.2.3.4 - admin [12/Jan/2017:15:08:50 +0800] "GET /helloworld.txt HTTP/1.1" 304 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0"