I have the following in the htaccess file in my /wp-admin folder:
AuthType Basic
AuthName "Example"
AuthUserFile "/home/username/.htpasswds/public_html/example.com/wp-admin/passwd"
require valid-user
For some reason when I load up a wordpress article it prompts for authentication.
The main page is fine, but individual articles prompt for a password.
I found a solution to my problem.
The reason why it was prompting for a password is because some WordPress plugins require access to admin-ajax.php.
If you add the following on top of the quote above it will allow you to password protect the wp-admin folder.
# Allow plugin access to admin-ajax.php around password protection
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
Related
I have tried to add .htpasswd in magento admin panel. I have uploaded both file in the magento root directory. But my password prompt box coming also frontend.
Please check and help me how to implement .htpasswd only for the magento admin not frontend?
.htaccess
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /home/xxxxx/public_html/.htpasswd
Require valid-user
.htpasswd
foo:$apr1$yB1.9vIT$IVVBmq5vMauwsNR8CZdHQ. //foo and bar
.htaccess by default applies to the directory it is sat inside, in this case all of Magento.
Magento doesn't have a physical admin folder that you can protect so the best option is to use Apache's LocationMatch directive
<LocationMatch "^/admin">
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /home/xxxxx/public_html/.htpasswd
Require valid-user
</LocationMatch>
Please note the above config is untested
EDIT: It's worth noting that it is a good idea to change the admin path from 'admin' to something more secure as well.
I have a website made with WordPress and I want to make two different htaccess logins for two template files. Is this possible?
I have this next code for one of the templates but I want to do the same thing for the second template, only with different username and password.
The templates are located in the same directory and the .htaccess, .htpasswd files are in the root of the website.
I tried user username instead of valid-user, made a different directory in public_html for another .htpasswd file with the password and username for the second file. Nothing worked as it should.
The code:
SetEnvIf Request_URI /colaborators/$ require_auth=true
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/my_whole_path/public_html/.htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
I will answer my own question, maybe this will help someone:
In my case, I had the .htaccess and .htpasswd files outside WordPress, in the root directory. What I had to do to make my second page .htaccess protected with different user and password than the first one:
I made a new directory in the root folder, inside it I created another .htaccess file and a new .htpasswd, plus my page (called it index.php).
SetEnvIf Request_URI /test/$ require_auth=true
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/my_whole_path/public_html/new_directory/.htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
In index.php I loaded WordPress with a require_once 'wp-load.php', the header.php and the rest of the page code.
And that's all.
Hope will help.
I use a .htaccess rule to add an extra layer of password security to the wordpress login page. Now as the whole wp-admin is protected. Users who wish to register, lands on the page with the username and password prompt for the authentication.
Is there anyway I can bypass this only for user registration URI?
I currently have authentication for this URL - www.example.net/wp-login.php
But I couldn't exclude the authentication prompt for this URL - www.example.net/wp-login.php?action=register
This is my .htaccess rule:
<FilesMatch "wp-login.php">
AuthName "Authorized Users only"
AuthType Basic
AuthUserFile /home/user/.wpadmin
require valid-user
</FilesMatch>
Is there anyway to exclude the security authentication for the queried URL for registering in my site?
Possibly (not tested) but you'll need a rewrite rule to create a specific URL for the registration page eg.
RewriteEngine On
RewriteRule wp-register wp-login.php?action=register [NC,L]
Then a block to disable authentication for that URL eg:
<Location "wp-register">
Order Deny,Allow
Allow from All
Satisfy Any
#AuthBasicFake dummyRegOnlyUserId dummyRegOnlyPass
</Location>
If that doesn't work as is, try adding a dummyRegOnlyUserId to your password file and uncommenting the directive.
Ok so I want to protect a single webpage using .htaccess and .htpasswd
I have successfully implemented this to work on my index.php page but if I go any deeper it doesn't work.
I'm using codeigniter and here is the code from my .htaccess file
# password-protect single file
<Files "vAdmin.php">
AuthName "site"
AuthType Basic
AuthUserFile /home/bg33qn/public_html/ci/application/views/.htpasswd
require valid-user
</Files>
I have both the .htaccess file and the .htpasswd file saved in:
/home/bg33qn/public_html/ci/application/views/
Using this to protect the index page at the following location works fine:
/home/bg33qn/public_html/ci/
Any suggestions?
Thanks
Do you want to password protect just one file?
<FilesMatch "vAdmin.php">
AuthName "Member Only"
AuthType Basic
AuthUserFile /home/bg33qn/public_html/ci/application/views/.htpasswd
require valid-user
</FilesMatch>
Just a tip: I hope you don't use this tool as the only security process protecting that page. It seems that page has something to do with administrators.
Updated: Create this .htaccess file where vAdmin.php is stored. So in your case, /home/bg33qn/public_html/ci/application/views/.
I need to password protect a directory with .htaccess, which I have successfully done. But the front end of the website was programmed to link to images within this password protected directory (not by me), but when a webpage tries to access those images it prompts the user to login.
Is it possible to password protect that directory, but allow any access to any image file type like *.jpg and *.gif?
My current .htaccess code is this:
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
Thanks for any help!
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
<FilesMatch "\.(png|jpe?g|gif)$">
Satisfy Any
Allow from all
</FilesMatch>
Edit to incorporate Shef's improvement
You could check all the different options of configuration .htaccess gives you in the following site:
Stupid htaccess Tricks
Did you try put it inside Filematch?
<FilesMatch "^.*(png|jpe?g|gif)$">
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
</FilesMatch>
What you could try is to write an image display proxy:
Keep the directory like you have it now, with password protection.
On the .htaccess on the root of the website where the images are linked, add a Rewrite rule for those image types you want. This rule should redirect the call to a PHP handler script.
That script should evaluate the path that was being requested, load the file from the filesystem, deduct its header and send that to the client using header(), followed by the image file's content echo file_get_contents()should do.
PHP is not affected by the .htaccess so it should be able to read the file you need and proxy it to the end user.