WordPress.org

Ready to get started?Download WordPress

Forums

AskApache Password Protect
all is correctly installed but prompt with password isn't (5 posts)

  1. questiondetaille
    Member
    Posted 3 years ago #

    Hi guys :
    I only want to know if somebody experienced the same problem as me.
    I've installed askapache which seems to pass all the tests correctly.
    The htaccess files have been installed too, as well as the .password
    on the root.

    The problem is when I try to access directly to http://www.mysite.com/wp-login.php, I do not see any prompt in order to put the login and passw specified in askapache...

    Maybe did I miss something ?

    thanks a lot

    http://wordpress.org/extend/plugins/askapache-password-protect/

  2. askapache
    Member
    Plugin Contributor

    Posted 3 years ago #

    Your blogroot .htaccess file should have something similar to:

    <Files wp-login.php>
    Satisfy Any
    AuthType Digest
    AuthName "Protected by AskApache"
    AuthDigestDomain /wp-admin/ https://www.askapache.com/wp-admin/ https://www.askapache.com/wp-login.php
    AuthUserFile /home/askapache-mirror4/.htpasswd
    Require user gravedigger
    </Files>

    There is no way to view wp-login.php over remote http(s) unless you login... so there is no way the prompt wouldnt appear (unless you already logged in, logins are cached by all browsers until the browser is closed).

    I think the sneakiest problem is all these webhosts don't have errordocuments setup by default... which is truly amazingly bad. Another amazing problem I hear sometimes is that some hosts using various servers that are not always apache are saving money by only updating the server config from a directory-context .htaccess file once an hour, or longer!

    Make sure you have setup LOCAL errordocuments (in your blogroot .htaccess)..

    ErrorDocument 401 /errordocs/401.html
    ErrorDocument 403 /wp-content/403.html
    
    # this just guarantees they will use the right status code,  may need.
    #Redirect 401 /errordocs/401.html
    #Redirect 403 /wp-content/403.html

    An example 401 is @askapache.com/show-error-401/, an example 403 is @askapache.com/show-error-403/, actually all 53 errordocuments.

  3. askapache
    Member
    Plugin Contributor

    Posted 3 years ago #

    Does your AuthDigestDomain include / or wp-login.php? I changed the current version to not be as clear on that. Check httpd.apache.org

  4. questiondetaille
    Member
    Posted 3 years ago #

    askapache thanks a lot for answering so fast....
    I'm going to become crazy !!
    I checked out my root .htaccess and all seem to be allright :

    <Files wp-login.php>
    Satisfy Any
    AuthType Digest
    AuthName "Protected By AskApache"
    AuthDigestDomain /wp-admin/ https://www.mysite.com/wp-admin https://www.mysite.com/wp-login.php
    AuthUserFile /home/mysite/.htpasswd
    Require valid-user
    </Files>

    I still can access to wp-config.php without any prompt... this is very frustrating...
    I place an "Order allow,deny" in the htaccess in order to see how it responds, and immediately it deny access for the whole site...
    I also placed 401 and 403 files but .. nothing !

    I really don't understand what happens...sure I'm doing something wrong and very stupid but what ???

  5. questiondetaille
    Member
    Posted 3 years ago #

    I just asked a minute ago to my hoster if it does any delay in order to take in count the htaccess command but it doesn't.. still convinced there's something wrong but what... that's the BIG question

    thanks

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic