WordPress.org

Ready to get started?Download WordPress

Forums

htaccess & Apache Auth (4 posts)

  1. gcaprio
    Member
    Posted 4 years ago #

    Hi,

    I'm trying to secure my wordpress installation using an .htaccess file. However, I have custom permalink settings, which adds this to my root .htaccess file:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    As soon as I add anything surrounding the wp-login.php file:

    <Files wp-login.php>
    AuthType Digest
    AuthName "blah"
    AuthUserFile /home/blah/.htpasswd
    Require valid-user
    </Files>

    I get 404 errors. If I remove the first section, the password protection works, but none of my permalinks work. If I remove the second section, permalinks work, but not security.

    I can't really see what I'm doing wrong here. Anyone have any idea?

    Thanks

  2. Reaper-X
    Member
    Posted 4 years ago #

    I have no problem simulating your auth digest (in other words, it works fine even with custom permalink) by placing:

    <Files wp-login.php>
    AuthType Digest
    AuthName "blah"
    AuthUserFile /home/blah/.htpasswd
    Require valid-user
    </Files>

    inside the wordpress rewrite rule or outside wordpress rewrite rule (located before wp rewrite rule or after wp rewrite rule)

  3. gcaprio
    Member
    Posted 4 years ago #

    Incredibly bizzare. This is literally the entire contents of my .htaccess:

    <Files wp-login.php>
    AuthType Digest
    AuthName "blah"
    AuthUserFile /home/blah/.htpasswd
    Require valid-user
    </Files>

    # BEGIN WordPress

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    No matter how I flop them around, or if I place the wp-login rule inside the rewrite rule, I still get a 404. Going to keep trying i guess.

  4. gcaprio
    Member
    Posted 4 years ago #

    OK, small update. Looks like if I use this:

    <Files wp-login.php>
    Order Deny,Allow
    Deny from All
    Allow from <my ip>
    </Files>

    Things work. So it looks like something is up with my server and the Digest Auth. Thanks for all your help.

Topic Closed

This topic has been closed to new replies.

About this Topic