http://wordpress.org/support/ WordPress › Support Tag: askapache-password-protect en Thu, 26 Nov 2009 05:24:03 +0000 http://wordpress.org/support/topic/320797#post-1276354 Tue, 10 Nov 2009 15:15:28 +0000 Charybdis 1276354@http://wordpress.org/support/ <p>Wow, thanks for the great support! :D </p> http://wordpress.org/support/topic/320797#post-1245473 Tue, 13 Oct 2009 21:57:42 +0000 Charybdis 1245473@http://wordpress.org/support/ <p>Hello,</p> <p>what I don't understand is that should my host pass ALL the tests, or just some tests? Some tests failed, some don't. The plugin claims that I have to resolve all the issues, is it true?</p> <p>I am using Hostgator shared hosting, will this plugin work with it?<br /> Here are all the technologies I have:<br /> <a href="http://support.hostgator.com/articles/pre-sales-questions/compatible-technologies" rel="nofollow">http://support.hostgator.com/articles/pre-sales-questions/compatible-technologies</a></p> <p><a href="http://wordpress.org/extend/plugins/askapache-password-protect/" rel="nofollow">http://wordpress.org/extend/plugins/askapache-password-protect/</a> </p> http://wordpress.org/support/topic/278368#post-1176224 Sat, 15 Aug 2009 20:35:33 +0000 hakre 1176224@http://wordpress.org/support/ <p>You must ask that exact question to your servers administrator. He/She can enable HTTP Digest Authentication or your hoster does not want to enable it for you.</p> <p>Go, ask your admin / hoster for the server configuration that plugin needs or choose the other type of authentication (basic). Normally basic should do the job on server where digest is not available.</p> <p>Additionally a description on how to password protect any website on the apache webserver can be found in the apache documentation. </p> http://wordpress.org/support/topic/293782#post-1171944 Wed, 12 Aug 2009 04:16:57 +0000 Tranny 1171944@http://wordpress.org/support/ <p>One more voice for update for the plug-in. Hope the developer hasn't given up on this one :o) </p> http://wordpress.org/support/topic/293782#post-1151386 Sun, 26 Jul 2009 00:45:07 +0000 desean 1151386@http://wordpress.org/support/ <p>Hi,</p> <p>Was wondering if there are any news on version 4.7? The last new I heard was from your website in the early beginning of 2009 (link: <a href="http://www.askapache.com/htaccess/htaccess-plugin-blocks-spam-hackers-and-password-protects-blog.html)" rel="nofollow">http://www.askapache.com/htaccess/htaccess-plugin-blocks-spam-hackers-and-password-protects-blog.html)</a>, but no further news from then on.</p> <p>Really hope you will not drop development on this plugin as it is really a great plugin. Unfortunately for me, the current version is broken on my website so I have been waiting for an update to fix the issue.</p> <p>Hope to see an update soon. Thanks.</p> <p><a href="http://wordpress.org/extend/plugins/askapache-password-protect/" rel="nofollow">http://wordpress.org/extend/plugins/askapache-password-protect/</a> </p> http://wordpress.org/support/topic/278368#post-1123265 Thu, 02 Jul 2009 01:44:29 +0000 bamer 1123265@http://wordpress.org/support/ <p>I've had the same problems too for weeks. no go. read all the faq's and everything that I could find through google, but no go. I'm running WP 2.8 on a Linux hosted server at godaddy. why won't this plugin work out of the box? I will keep searching for a feasible way to password-protect a blog without having to spend $$) . . . </p> http://wordpress.org/support/topic/278368#post-1097682 Wed, 10 Jun 2009 21:59:50 +0000 greencode 1097682@http://wordpress.org/support/ <p>I've run the tests for this plugin and the only thing it seems to is "HTTP Digest Authentication" which comes back as "Bummer... you don't have digest capabilities"</p> <p>What does this mean and how can I resolve it so I can utilise the plugin. </p> http://wordpress.org/support/topic/192705#post-1093590 Sat, 06 Jun 2009 14:53:23 +0000 kjetilgf 1093590@http://wordpress.org/support/ <p>Try removing the wp-admin/.htaccess file on your server - eventually also the .htpasswda1 (or .htpasswda3 - depending on which version you've used) on the root of your site.<br /> If you have the original .htaccess file (from the root - from before you activated askapache) you should upload that. (Or - if I remember correctly: upload a blank .htaccess file (or a htaccess.txt that you rename on the server) and the update your permalinks afterwards. Don't remember if that is all, but you won't do any harm trying)<br /> Kjetil </p> http://wordpress.org/support/topic/192705#post-1088985 Mon, 01 Jun 2009 20:05:05 +0000 abigailpeony 1088985@http://wordpress.org/support/ <p>I installed the plugins, and same with others, just can't access my dashboard area. </p> <p>1. I've deleted plugin<br /> 2. I've removed askapache from cpanel password protected directories<br /> 3. I've deleted .ht access in admin folder</p> <p>and when I try to enter my admin area, it directs me to blank page now.<br /> The admin form is exist, but whenever I try to access dashboard, there is a blank page...</p> <p>What should I do ASkapache?<br /> Please reply me ASAP....this is my main job, and I can't work for days....since I've locket out of my dashboard</p> <p>thx </p> http://wordpress.org/support/topic/275577#post-1088942 Mon, 01 Jun 2009 19:31:22 +0000 kjetilgf 1088942@http://wordpress.org/support/ <p>Hi<br /> I've tried several versions and v.4.3.2 is the newest I can make work. Tried it on several sites running WP 2.6.5 and 2.7.1.<br /> The good thing is that it seems to work all places - apart from on one server still on php4.<br /> Thanks,<br /> Kjetil</p> <p><a href="http://wordpress.org/extend/plugins/askapache-password-protect/" rel="nofollow">http://wordpress.org/extend/plugins/askapache-password-protect/</a> </p> http://wordpress.org/support/topic/202946#post-1010865 Tue, 10 Mar 2009 07:35:05 +0000 DrMoonlove 1010865@http://wordpress.org/support/ <p>Installed plugin and recieved this error after tests and activating the wp-login password protect.</p> <p>Internal Server Error</p> <p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p> <p>Please contact the server administrator, <a href="mailto:webmaster@xxxxx.xxxx.com">webmaster@xxxxx.xxxx.com</a> and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p> <p>More information about this error may be available in the server error log.</p> <p>Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request. </p> http://wordpress.org/support/topic/210018#post-1002094 Sun, 01 Mar 2009 18:30:01 +0000 askapache 1002094@http://wordpress.org/support/ <p>wnotowidagdo, <em>wow that's a fun name to type</em></p> <p>I've been working on it since then and am getting ready to roll out the <a href="http://www.askapache.com/htaccess/password-protection-plugin-status.html">new version</a>.. </p> http://wordpress.org/support/topic/210018#post-980260 Mon, 09 Feb 2009 09:20:37 +0000 wnotowidagdo 980260@http://wordpress.org/support/ <p>Hi,</p> <p>First of all it is a great plugin.</p> <p>I found same problem too in my 2.7 installation.</p> <p>Thank you. </p> http://wordpress.org/support/topic/202946#post-965029 Sat, 24 Jan 2009 11:10:33 +0000 locworks 965029@http://wordpress.org/support/ <p>Hi,</p> <p>I have the same situation as the OP.<br /> 1. 4.6.5 working fine on WP 2.7<br /> 2. Deactivated 4.6.5 when being migrated to a new server (host: DreamHost)<br /> 3. Reactivated 4.6.5: all mod_xxx tests failed, except mod_sec<br /> 4. Removed 4.6.5<br /> 5. Installed 4.3.2: all tests are ok, except mod_sec.</p> <p>Any chance that AAPP is looking for a specific version/array of versions for mod_xxx ? </p> <p>Best,</p> <p>Piotr </p> http://wordpress.org/support/topic/214390#post-892085 Thu, 06 Nov 2008 07:23:33 +0000 askapache 892085@http://wordpress.org/support/ <p>Thanks beernews.. nice.</p> <p>I've been working on a completely improved version on/off for about a month with the specific goal of finally ending all the little errors that can crop up when dealing with .htaccess.</p> <p>To that effect I am succeeding marvelously, first I've converted the plugin to a class (4+5 compat), I've replaced my error_handling with WordPress's WP_Error class, and the coolest change is the new tests I've added.</p> <p>To make a long story short, I downloaded each major release of the apache httpd source code starting at version 1.3.0 and finishing with version 2.2.10, I then compiled each version and built a HTTPD from source for all 64 versions. </p> <p>Then I went through each version and determined the compatible modules for that version, and I'm pretty confident that I was also able to find each and every directive allowed by the compatible modules for that version (including core directives).</p> <p>Basically I can now test a server using a variety of methods and determine almost 100% accurately what version of Apache (down to the API) is running, what modules (and versions) are enabled, and each and every directive that is allowed or disallowed for that version. </p> <p>So this is so awesome because now we can enable all sorts of additional security features.</p> <p>Other big changes are:</p> <ul> <li>Completely hands-off updates, so that updating the plugin keeps all your settings.</li> <li>making each SID module have its own configuration and options (like protecting individual files, individual request, and custom exploit strings).</li> <li>Advanced ErrorDocument usage and handling (like tracking repeat offenders and suggesting they be blocked, emailing admin with custom info, etc..)</li> <li>Multi User/Group password Control</li> </ul> <p>And this time I am developing the plugin using a plethora of wordpress installations and configurations, to make sure that it will work regardless of a custom siteurl, blogid, etc..</p> <p>Release will come before 2009.. I have some vacations to take and business to finish first. </p> http://wordpress.org/support/topic/214390#post-888739 Sat, 01 Nov 2008 05:06:28 +0000 beernews 888739@http://wordpress.org/support/ <p>These are not severe security issues.<br /> In fact, none of them are security problems at all, unless you are paranoid about having a standard .htpasswd file, as opposed to crypt() or md5() formatted .htpasswd file.</p> <p>So, to answer your question, you should not be worried about these.<br /> The reason your plugin will not work is because of the lack of HTTP Digest Authentication.</p> <p>-------------------------</p> <p>Looks like I'm done with this plugin :\</p> <p>For anyone who wants to still block directories with images, etc., I recommend using Apache's code in your wordpress home directory .htaccess file (put it anywhere outside of the hash tags ### in that file).</p> <pre><code>RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /wp-content/.*$ [NC] RewriteCond %{REQUEST_FILENAME} !^.+(flexible-upload-wp25js|media)\.php$ RewriteCond %{REQUEST_FILENAME} ^.+\.(php|html|htm|txt)$ RewriteRule .* - [F,NS,L] RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /wp-includes/.*$ [NC] RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ /wp-includes/js/.+/.+\ HTTP/ [NC] RewriteCond %{REQUEST_FILENAME} ^.+\.php$ RewriteRule .* - [F,NS,L] Options -Indexes DirectoryIndex index.html index.php /index.php</code></pre> http://wordpress.org/support/topic/202946#post-888718 Sat, 01 Nov 2008 03:54:59 +0000 mlewitz 888718@http://wordpress.org/support/ <p>Oh, two things I did discover...<br /> If the .htaccess or .htpasswda3 files don't exist it will fail. So, I placed empty files where they failed.</p> <p>Also, setting the permissions to 777 causes them to fail, but setting them to 666 seems okay. </p> http://wordpress.org/support/topic/214390#post-888715 Sat, 01 Nov 2008 03:35:49 +0000 beernews 888715@http://wordpress.org/support/ <p>Host migrated to new servers recently. Couldn't access my wp-admin after my server was done (this w/ old version of the plugin). They sent me this email after doing some work..</p> <blockquote><p>We've corrected the .htaccess file in the 'wp-admin/' directory. It appears you had some references to disable the mod_security engine for this directory and we recently upgraded our servers to mod_sec2 so these directives no longer work properly. I've commented them out and the login page is now loading properly.</p></blockquote> <p>Then I had to deactivate the plugin later for some reason and got a 404 error on every site page but my main page. I could still access my admin panel just fine.</p> <p>Put my site into maintenance and phoned tech support. I think they essentially tweaked/reversed what the others did. Upgraded the plugin, re-activated, and failed the test in a number of spots.</p> <p>Took a couple screenshots and am sending these over to tech support. I hope to hear back on why the server doesnt work with the plugin and if so, I'll report back here...by the way I use Hostgator. </p> http://wordpress.org/support/topic/202946#post-888714 Sat, 01 Nov 2008 03:33:03 +0000 mlewitz 888714@http://wordpress.org/support/ <p>Hi askapache,<br /> I'm having the same problems with my site as well.</p> <p>4.3.2 passes all tests except PLAIN encryption (so I'll use this for now)</p> <p>I have a couple custom additions to this V-Ded server, installed by someone at serverprogress.com, so I don't know if they could be contributing factors (APC and mcrypt). I also had mod_security installed and they have some special mod_security configuration file that's supposedly near bulletproof.</p> <p>P.S. Everyone... it was only $50 for the mod_security install &#38; setup. 'Course, I have root &#38; ssh access.</p> <p>If you would like my debug files or a phpinfo() or anything else, let me know, I'll be glad to share to help everyone.<br /> (I'm not too crazy about posting everything here.)</p> <p>askapache... Send me an email to mailme2 at 57mgte period common and I'll send you whatever :-) </p> http://wordpress.org/support/topic/202946#post-881382 Wed, 22 Oct 2008 00:52:28 +0000 askapache 881382@http://wordpress.org/support/ <p>working on it.... </p> http://wordpress.org/support/topic/202946#post-879333 Sun, 19 Oct 2008 08:39:53 +0000 dtc 879333@http://wordpress.org/support/ <p>I'm sticking to 4.3.2 as it's the last version working on my blog. </p> http://wordpress.org/support/topic/202946#post-878507 Fri, 17 Oct 2008 20:37:03 +0000 rschilt 878507@http://wordpress.org/support/ <p>I have activated and tried running 4.6.5 but fails running the tests (same issues as before). This plugin worked fine for me up until 4.6 was released and have not been able to get it to work since. I understand from reading various forums that this is the case for many a folk.</p> <p>(So for me... the plugin just sits there in a non active state waiting for the next version to come along. I really had my hopes pinned on 4.6.5 but will have to wait until a 4.6.6 or perhaps even a 4.7.</p> <p>The concept of AA Password Protect is excellent and when it does work it's definitely the Roll Royce of WP defence plugins.</p> <p>R </p> http://wordpress.org/support/topic/202946#post-878128 Fri, 17 Oct 2008 10:00:44 +0000 askapache 878128@http://wordpress.org/support/ <p>I've released an updated version: <a href="http://wordpress.org/extend/plugins/askapache-password-protect/">4.6.5</a> which will hopefully work 100% for ya! </p> http://wordpress.org/support/topic/210018#post-878127 Fri, 17 Oct 2008 09:58:39 +0000 askapache 878127@http://wordpress.org/support/ <p>@jayroh</p> <p>I think I found the cause of this error and released an updated version: <a href="http://wordpress.org/extend/plugins/askapache-password-protect/">4.6.5</a> </p> http://wordpress.org/support/topic/210018#post-874939 Sun, 12 Oct 2008 23:37:13 +0000 jayroh 874939@http://wordpress.org/support/ <p>I've tried this about a dozen times, going through setup I point it at where I want the file, in multiple places, all writable, readable, everything ... and on first attempt to create the file I get this error:</p> <p><strong>ERROR</strong>: Please make /var/www/&lt;path&gt;/&lt;to&gt;/.htpasswda3 writable and readable</p> <p>Then when I create the file myself, and set perms to 777 I get: </p> <p><strong>ERROR</strong>: Failed to create /var/www/&lt;path&gt;/&lt;to&gt;/.htpasswda3</p> <p>I'm baffled. What's going on here? </p> http://wordpress.org/support/topic/196732#post-873898 Sat, 11 Oct 2008 07:34:33 +0000 askapache 873898@http://wordpress.org/support/ <p>Maybe I'll just become the worlds greatest spammer.. it'd take all of about an hour to accomplish that.. much easier than writing this plugin.</p> <p>SPAMMER CHALLENGE: <a href="http://www.askapache.com/wp-comments-post.php">*come at me with your best*</a> <em>(but if you hack my server and get me in hot-water with my host I'm coming after you... spam/exploits only, no DOS or heavy net-use.)</em> </p> http://wordpress.org/support/topic/196732#post-873896 Sat, 11 Oct 2008 07:27:12 +0000 askapache 873896@http://wordpress.org/support/ <p>Guess what! I've made alot more improvements (this refactoring will never end) to the plugin.. Many are based on improvements to the WordPress Core Files, which I am constantly examining and learning from.. </p> <p>If you've seen the version 4.6 debugging options, you probably won't believe the 4.7 debugging options. I spent the most time implementing even MORE debugging options so that in the future you can find problems much easier... even if you don't know a thing about syslog, php error logging, etc.. Of course all that was done to try and figure out what was causing all of you posters problems.. and I think I am getting close to a 100% mysterious error free plugin! Which is the main goal and a huge step on the way to the ultimate goal of this plugin.</p> <p>I am still working on the user/group management code, so that probably won't be in the upcoming 4.7 release. But one thing I will tell you is the new version will have the best .htaccess anti-spam code for WP (maybe anything) ever seen on the net. (without using mod_security).. It's not incredibly complex or lengthy, the rules are just very specific and very tight. I'm good at finding security vulnerabilities, this is the same thing only backwards.</p> <p>I've been logging the entire HTTP request for every comment/trackback/pingback made to my blog for about 6 months (it took forever to find out how to log the entire request like this... I'm saying even the entire POST body.. just like having wireshark installed on the server!)</p> <p>Then I would manually go through them about once a week (using a lot of linux shell scripting) and detail the subtle differences between spam and a real comment, and try different things. </p> <p>So my blog kills thousands of would-be-spam connections every day to my blog (i actively try to recruit new spammers to study their technique), literally shuts down the TCP connection and wastes 0 bandwidth or CPU that a programming language like PHP used by akismet would waste (basically loading the whole wordpress program for each spam receieved).. </p> <p>So I'm hesitant to publish this info, but then again, these spammers are so stupid that I'm not sure they can even read. What do you think?</p> <p>Look for the update to come out sometime this month.. </p> http://wordpress.org/support/topic/196732#post-867367 Thu, 02 Oct 2008 11:33:11 +0000 steinitz 867367@http://wordpress.org/support/ <p>Hi sweyhrich,</p> <p>I don't think its a permissions problem. I think AA Pass Pro gets confused about where its reading and writing things. I end up with artifacts all over.</p> <p>I'm not sure if it will help you but I posted a nasty hack that got me going (barely) at <a href="http://wordpress.org/support/topic/196640?replies=6#post-867357">topic 196640</a>. That allowed me to protect my <a href="http://learncastle.com">Children's Learning</a> site with others to follow.</p> <p>Don't even try to use the pasword protection -- it hasn't worked since 4.3.5. You can use cpanel to do the same thing without the pain. But the rest of Ask Apache's work is gold.</p> <p>Steve </p> http://wordpress.org/support/topic/196732#post-859972 Tue, 23 Sep 2008 05:15:01 +0000 phillwv 859972@http://wordpress.org/support/ <p>Oh dear, a me-too post.<br /> AAPP v461 on WP261:<br /> ERROR: Failed to create /home/xxx/public_html/.htpasswda3 </p> http://wordpress.org/support/topic/196732#post-853538 Mon, 15 Sep 2008 03:35:31 +0000 sweyhrich 853538@http://wordpress.org/support/ <p>Just downloaded this tonight and tried it out. In the process of activating various things the plugin provides, I was sent to my custom 404 page. Now when I try to go to my wp-admin/index.php file, I am greeted with a drop-down box that says:</p> <p>Authentication required</p> <p>Enter username and password for "Protected By<br /> AskApache" at <a href="http://(my" rel="nofollow">http://(my</a> web site)</p> <p>I entered the username and password I setup in the plugin, and it didn't work. </p> <p>I deleted the .htaccess file from my wp-admin directory, and I still get the drop-down box. </p> <p>So now, I am basically barred from my own Wordpress site because of something left behind by this plugin. How do I de-activate it, when I can't even get to my admin page??</p> <p>Help! </p>