I am trying to develop http authentication in one of my wordpress site.
I have done below code for this.
in my .htaccess file at root folder.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /htpass_wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /htpass_wordpress/index.php [L]
</IfModule>
# END WordPress
I have also created one more.htaccess file for my wp-admin folder.
AuthType Basic
AuthUserFile /htpass_wordpress/wp-admin/.htpasswd
AuthName "My Private Area"
require valid-user
I have created one htpasswd file and put it in wp-admin( same directory where htaccess for wp-admin is stored).
I have stored my user name and base 64 encrypted password in that file.
Now When I access my wp-admin area, pop up appears to ask login.
I provide the username/pass and it allows me to access wp-admin. but then it gives me 500 server error.
does any one know where I am going wrong?
Related
In my htaccess I think I must wrong path of RewriteBase.
My server has this structure:
/public_html/example
and in this example there are all my site so to go on my site I do this url:
http://home.com/example
But I get 500 internal server because I think I wrong my RewriteBase in my htacess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /example/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /example/index.php [L]
</IfModule>
AuthBasicProvider file
AuthUserFile /public_html/festivalmusicasullacqua/.htpasswd.txt
AuthName "Authorization Form Title"
AuthType Basic
#Allow any valid user
require valid-user
#Allow only one user with specified username
require user festival
Anyone can help me to correct the code?
You have two parts in your .htaccess file: a rewrite part, and an auth part. I think that the error is not in the rewrite part, but in the auth part (you can try commenting it to confirm this hypothesis).
If I am right and the error is in the auth part, the reason is probably that FTP chroots you. Then you only see a relative filesystem path.
Thus I doubt that the AuthUserFile line has a correct path: you must specify an absolute path.
I've stumbled upon a strange issue.
Lets say I have folder in main domain directory: /myfolder
When I try to access index of files in this folder I go to: myurl.com/myfolder
And it works without any problems.
Now when I put .htaccess with password protection in this folder like:
AuthUserFile /home/mywebsite/.htpasssomerandomname
AuthType Basic
AuthName "Authentication Required"
Require valid-user
Suddenly instead of asking me for password when I try to access myurl.com/myfolder I get 404 wordpress template page.
Below is my .htaccess in main WordPress folder.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Any ideas what might be a problem?
I don't understand why but it seems adding below line to .htaccess inside protected folder fixed this issue:
ErrorDocument 401 "Authorisation Required"
I've found this fix online but without explanation why it actually works that way. Anyone can add explanation? It just feels like it really shouldn't be like that.
I'm a complete newbie.
I'm using Latest Wordpress 3.8.1
The issue is the login box(of private membership, located in /member_area) is appearing on home page .. which is just a landing page.. and I don't want this box to appear there.
I have a sub directory called member_area which is having all html files.. and in this sub-directory the following .htaccess is present:
########### AMEMBER START #####################
AuthType Basic
AuthName "Members Only"
AuthUserFile /home2/rtvouche/public_html/ph/amember/data/.htpasswd
AuthGroupFile /home2/rtvouche/public_html/ph/amember/data/.htgroup
Require group PRODUCT_1
########### AMEMBER FINISH ####################
Whereas in my root WP directory, the following .htaccess is present:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
So what I want is ... in only /member_area the login box should come... but it should not appear on homepage.
Thanks in advance...
For membership use plugin wp member this plugin used to arrage member
I am having problem with an htaccess authentification.
I have a wordpress website and would like to restrict access on it. In the root folder, i have added an htaccess and a htpasswd.
Htaccess codes:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
AuthType Basic
AuthName "Protected Area"
AuthUserFile /home/anglolabs/webapps/financial/.htpasswd
Require valid-user
And the htpasswd is as such:
admin:$apr1$wcax9ykl$uH5ktq9NL/9fqtw5lzYLy1
I am being prompted the box but when entering the username/password, I am being redirected to "500-Internal Server Error".
Sounds like the HTTP Auth is working, but you Apache/PHP is busted.
500 means there was an error executing the PHP. Check your server logs, if you have questions post back what the logs show (might need to use Github Gist or Pastbin)
I'm helping a colleague with a recurring issue that's just started happening to multiple sites of his after upgrading to the latest release of WP... He had 4 sites go down today. Here's the message he received back from the server host...
The coding that wordpress posts into
the .htaccess file is basically being
re-pasted in a malformed fashion.
Basically we just separate these two
as you can see below. Contrary to the
post statement I had seen previously,
there is nothing in the apache logs
files indicating any changes to you
site. Neither are there entries over
cpanel or FTP. All methods of
compromise have been exhausted. I do
not believe your scripts are being
compromised in any manner. This is an
issue within wordpress itself. Have
there been any changes to the blogs,
or perhaps any changes that effected
all accounts recently?
The curious part to me in the extract of contents from hit .htaccess file is this:
</IfModulden
# END Word</Limit>
AuthName siteeakers.net
AuthUserFile /home/site/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/site/public_html/_vti_pvt/service.grp
Here is the full text from the hosting provider or the before and after htaccess fix...
Before...
root#cherry [/home/site/public_html]# cat .htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModulden
# END Word</Limit>
AuthName siteeakers.net
AuthUserFile /home/site/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/site/public_html/_vti_pvt/service.grp
Options All -Indexes
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
After...
root#cherry [/home/site/public_html]# cat .htaccess
AuthName siteeakers.net
AuthUserFile /home/site/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/site/public_html/_vti_pvt/service.grp
Options All -Indexes
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This
</IfModulden
# END Word</Limit>
is definitely a replace operation gone wrong. It should probably read
</IfModule>
# END WordPress
Update: I think I found some related bugs:
Wordpress Bug #11903
Wordpress Bug #12324
the latter was closed as a duplicate of the former. From what I can see, the function Wordpress uses to write the .htaccess files can crash on a busy server.
11903 seems to have a patch. If this is your problem, maybe try it out.
Things like this are why you should never, ever try to update a live system. Have a local or parallel copy to try things out with; Then do a simple directory rename to replace the running versions.