UpdraftPlus Behind .htaccess Password Protection

  • Resolved nathanbeach

    (@nathanbeach)


    10 years ago

    Hello,

    I am using UpdraftPlus on several sites and it’s great. I couldn’t get it to work behind an .htaccess password, so I followed the FAQ suggestion to add an “Allow from [IP]” and “Satisfy any” to the .htaccess file.

    That allowed UpdraftPlus to work, but I just started noticing unwanted traffic in my server logs……. the solution actually opened up my server to the world for the last two weeks. Now 14 years of private blogging is indexed on Google even though I’ve re-enabled the password. That sucks.

    I believe it’s because I’m on a shared hosting server, so the loopback IP address is not just mine. Anyway, I really think you guys might want to add a disclaimer in your FAQ. It’s really a dangerous suggestion unless your server has a dedicated IP address.

    All that being, UpdraftPlus is AMAZING. Thank you.

    NBB

    https://wordpress.org/plugins/updraftplus/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author David Anderson

    (@davidanderson)

    10 years ago

    Hi Nathan,

    Sorry to hear that! There must be something else going on; what else was in your .htaccess? I say that there must be more to it, because “Allow from [IP]” isn’t to do with the *destination* IP (so, whether or not your server is shared doesn’t come in to it), but with source IP. “Satisfy any” interacts with the other stuff you’ve already got in the .htaccess…. there is in fact a paragraph-long disclaimer underneath that .htaccess tip…

    David

    Thread Starter nathanbeach

    (@nathanbeach)

    10 years ago

    Yeah, it’s really confusing to me, too, because it’s the simplest of .htaccess files. I just had my server IP enabled, but then I see no-auth 200 responses for GoogleBot’s IP address just tearing through my site over the last couple weeks.

    I’m sure it’s a 1and1 shared hosting problem. I read on another (unrelated) forum where someone said 1and1 does not support this loopback configuration on shared hosting.

    And yes — your disclaimer totally covers you, just though you might want to add that shared hosting can be jacked up!

    And again: thank you because UpdraftPlus is bad ass on all my other sites.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘UpdraftPlus Behind .htaccess Password Protection’ is closed to new replies.