WordPress.org

1. questiondetaille
   Member
   Posted 1 year ago #

   Hi guys :
   I only want to know if somebody experienced the same problem as me.
   I've installed askapache which seems to pass all the tests correctly.
   The htaccess files have been installed too, as well as the .password
   on the root.

   The problem is when I try to access directly to http://www.mysite.com/wp-login.php, I do not see any prompt in order to put the login and passw specified in askapache...

   Maybe did I miss something ?

   thanks a lot

   http://wordpress.org/extend/plugins/askapache-password-protect/

2. askapache
   Member
   Posted 1 year ago #

   Your blogroot .htaccess file should have something similar to:

   <Files wp-login.php>
   Satisfy Any
   AuthType Digest
   AuthName "Protected by AskApache"
   AuthDigestDomain /wp-admin/ https://www.askapache.com/wp-admin/ https://www.askapache.com/wp-login.php
   AuthUserFile /home/askapache-mirror4/.htpasswd
   Require user gravedigger
   </Files>

   There is no way to view wp-login.php over remote http(s) unless you login... so there is no way the prompt wouldnt appear (unless you already logged in, logins are cached by all browsers until the browser is closed).

   I think the sneakiest problem is all these webhosts don't have errordocuments setup by default... which is truly amazingly bad. Another amazing problem I hear sometimes is that some hosts using various servers that are not always apache are saving money by only updating the server config from a directory-context .htaccess file once an hour, or longer!

   Make sure you have setup LOCAL errordocuments (in your blogroot .htaccess)..
   

   ErrorDocument 401 /errordocs/401.html
   ErrorDocument 403 /wp-content/403.html
   
   # this just guarantees they will use the right status code,  may need.
   #Redirect 401 /errordocs/401.html
   #Redirect 403 /wp-content/403.html

   An example 401 is @askapache.com/show-error-401/, an example 403 is @askapache.com/show-error-403/, actually all 53 errordocuments.

3. askapache
   Member
   Posted 1 year ago #

   Does your AuthDigestDomain include / or wp-login.php? I changed the current version to not be as clear on that. Check httpd.apache.org

4. questiondetaille
   Member
   Posted 1 year ago #

   askapache thanks a lot for answering so fast....
   I'm going to become crazy !!
   I checked out my root .htaccess and all seem to be allright :

   <Files wp-login.php>
   Satisfy Any
   AuthType Digest
   AuthName "Protected By AskApache"
   AuthDigestDomain /wp-admin/ https://www.mysite.com/wp-admin https://www.mysite.com/wp-login.php
   AuthUserFile /home/mysite/.htpasswd
   Require valid-user
   </Files>

   I still can access to wp-config.php without any prompt... this is very frustrating...
   I place an "Order allow,deny" in the htaccess in order to see how it responds, and immediately it deny access for the whole site...
   I also placed 401 and 403 files but .. nothing !

   I really don't understand what happens...sure I'm doing something wrong and very stupid but what ???

5. questiondetaille
   Member
   Posted 1 year ago #

   I just asked a minute ago to my hoster if it does any delay in order to take in count the htaccess command but it doesn't.. still convinced there's something wrong but what... that's the BIG question

   thanks

Topic Closed

This topic has been closed to new replies.