WordPress.org

Ready to get started?Download WordPress

Forums

Login Issue - Possibly htaccess? (5 posts)

  1. Pete White
    Member
    Posted 5 years ago #

    Hey guys,
    After much work, i've got my new site up and running but am having 1 issue with the site. When a site visitor clicks the "Login" or "Register" button at the top, the .htaccess prompt is displayed for them to type in a username and password, instead of just directed them to the login or register page.

    I currently have 2 .htaccess files...1 in the root, the other in the wp-admin folder. The one in the root has the following code:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    The .htaccess file in the wp-admin folder is setup so that if someone goes to http://www.mysite.com/wp-admin , they are prompted with the .htaccess username and password box before being directed to the wordpress admin login page.

    I have permalinks turned on and the apache mod_rewrite plug-in is enabled on a unix server. Also, I am using the Register Plus plug-in that customizes the login page.

    Any help you could provide would be greatly appreciated! Thanks in advance!

  2. iridiax
    Member
    Posted 5 years ago #

    Remove the .htaccess in the wp-admin folder.

  3. Pete White
    Member
    Posted 5 years ago #

    Thanks for the reply. If I remove the .htaccess file in the wp-admin folder, won't I lose the extra security?

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    What "extra" security is added by having that folder protected by an htpasswd, exactly?

    That sort of additional security is not really necessary, and, as you've discovered, the wp-login relies on files in the wp-admin directory.

  5. Pete White
    Member
    Posted 5 years ago #

    Otto,
    Thanks so much for the response! After doing some general research, I had found several articles that recommended to add an htaccess file in the wp-admin directory to add an extra level of security so that people trying to get to the wp-admin login page to hack it could not access it.

    Have you found this to be untrue? I'm relatively new to wordpress and am trying to take any precautions to make the site as secure as possible.

    Any feedback you can provide is greatly appreciated!

Topic Closed

This topic has been closed to new replies.

About this Topic