I have protected my wp-admin page with a htaccess/htpassword file.
.htaccess:
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/x/d/website/www/wp-admin/.htpasswd
require valid-user
.htpassword:
user1:password1
user2:password2
It works.
But today, I published the website online.
And what I now see is frustrating me.
Almost all the pages from the frontend are also asking for username/password!
How is this possible? Wordpress has some kind of link to the backend admin pages?
How is this possible?
Help me please.
Thank you.
Gr,
Ash
might need to add the activation syntax to a directory/file block - for example:
<Directory "/var/www/html/protected">
AuthType Basic
AuthName "Authentication Required"
AuthUserFile ""
Require valid-user
Order allow,deny
Allow from all
</Directory> also dont forget to restart apache... most common issue ;-)
#YFP:
Hey dude, it worked.. I also got another solution provided by a friend. Looks like your solution, but this one was explicitly for Wordpress:
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/x/d/xddesign/www/wp-admin/.htpasswd
require valid-user
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
Thank you for your help YFP!!
I wanted to upvote your answer but don't have rep enough...
Related
I would like to use a .htaccess and a .htpasswd file to protect access to a website.
The following code successfully brings up the auth dialog when visiting mysite.com. But when visiting mysite.com/index.html the auth dialog does not appear and the website can be accessed without protection.
.htaccess
AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "Password Protected"
Require valid-user
What do I need to change to ensure that mysite.com/index.html is protected as well?
I have tried adding:
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
and also:
<Files "index.html">
Require valid-user
</Files>
Neither make any difference to the problem.
maybe you could try it with
AllowOverride AuthConfig
If I remember it right it is not activated on the default :)
you can get more information in the official apache doc
https://httpd.apache.org/docs/2.4/howto/auth.html
I have tried to add .htpasswd in magento admin panel. I have uploaded both file in the magento root directory. But my password prompt box coming also frontend.
Please check and help me how to implement .htpasswd only for the magento admin not frontend?
.htaccess
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /home/xxxxx/public_html/.htpasswd
Require valid-user
.htpasswd
foo:$apr1$yB1.9vIT$IVVBmq5vMauwsNR8CZdHQ. //foo and bar
.htaccess by default applies to the directory it is sat inside, in this case all of Magento.
Magento doesn't have a physical admin folder that you can protect so the best option is to use Apache's LocationMatch directive
<LocationMatch "^/admin">
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /home/xxxxx/public_html/.htpasswd
Require valid-user
</LocationMatch>
Please note the above config is untested
EDIT: It's worth noting that it is a good idea to change the admin path from 'admin' to something more secure as well.
I've got a problem with my .htaccess :
AuthType Basic
AuthName "Acces protege"
AuthUserFile "/home/sites/.htpasswd"
require valid-user
IMO, the file .htaccess is not read as I tried to write with syntax error.
And nothing happened while I access to the page.
I've changed the conf file of Apache : apache2.conf.
Instead of
AllowOverride None
I've put
Allow Override All
Then
service apache2 restart
Yet no authentification activated.
AuthType Basic
AuthName "Acces protege"
AuthUserFile "/home/sites/.htpasswd"
Require valid-user
Change the require keyword to Require
A misconfiguration on the server caused a hiccup. Check the server logs, fix the problem, then try again.
This error is displayed only after I add this authentication part to my .htaccess...If I remove this part it shows the admin area without authentication....Please can anyone point out whether there is any syntax error...
<FilesMatch "admin">
AuthUserFile "/home6/zeewatch/public_html/ecole-de-paris-fr//httpd.www/mu/.htpasswd
AuthGroupFile /dev/null
AuthName "admin"
AuthType Basic
Require valid-user
</FilesMatch>
Try this
<FilesMatch "admin">
AuthName "Admin Panel"
AuthType Basic
AuthUserFile /path/.htpasswd
Require valid-user
</FilesMatch>
and what this?
ecole-de-paris-fr//httpd.www/mu/.htpasswd
you have "//" on the path, make it one forward slash
I want to protect an admin folder in my PHP web site from other people.
I created two files .htaccess and .htpasswd, but when I enter to the index page on this folder it doesn't show me that dialog where I have to enter the username and the password, here are the content of the files :
The .htpasswd file :
mateo21:$1$MEqT//cb$hAVid.qmmSGFW/wDlIfQ81
ptipilou:$1$/lgP8dYa$sQNXcCP47KhP1sneRIZoO0
djfox:$1$lT7nqnsg$cVtoPfe0IgrjES7Ushmoy.
vincent:$1$h4oVHp3O$X7Ejpn.uuOhJRkT3qnw3i0
The .htaccess file :
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/var/www/sec/.htpasswd"
Require valid-user
I'm running Linux ubuntu and apache.
You need to deny everything first. Try:
Order Deny,Allow
Deny from all
AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/var/www/sec/.htpasswd"
Require valid-user
If what #Jon Lin said doesn't work, then make sure you have
AllowOverride AuthConfig
in your /etc/httpd/httpd.conf file
If you can't find your configuration file, then try searching for it in terminal...
locate "httpd.conf"
Or
find /etc/ -name "httpd.conf"