wp-admin with .htaccess and changing users passwords (8 posts)

  1. Anonymous
    Unregistered
    Posted 3 years ago #

    I am wondering if the following is possible without opening a large security risk as well as creating a huge headache for myself.

    I would like to create a members-only blog (you have to log in to view any of the site) and allow the users to change their own passwords. (This would mainly be used if they forgot their password and, when it is reset, they change it.)

    This by itself is not hard. What I would like to do as well is secure the wp-admin folder with a .htaccess password.

    This is where the problem currently is. By doing this I have cut off all users from being able to change their own passwords. I am wondering if there is a way to just create a change-password page without creating too great a security hole in the blog itself.

    Any help would be helpful.

  2. Roy
    Member
    Posted 3 years ago #

    I think there are plenty of "members only" plugins. Just look at a few to see if they live up to your needs.

  3. Anonymous
    Unregistered
    Posted 3 years ago #

    The members only is not the hard part. (Though I have not found one that works consistently with 2.6 yet.)

    It is the restriction of the wp-admin folder with a .htaccess file and then allowing the members to then change their own passwords at a later date.

    DL

  4. Otto
    Tech Ninja
    Posted 3 years ago #

    Provide the members a direct link to the wp-admin/profile.php page somewhere, and then exclude that particular file from your password requirement in the htaccess file.

  5. Anonymous
    Unregistered
    Posted 3 years ago #

    This semi-works. It allows you to view the base page but the .js files and the .css files are not viewable.

    Also, when you update, it messes up the password so you can't log in after you change it.

  6. mojorob
    Member
    Posted 3 years ago #

    Are you wanting to secure the blog via WordPress, or separately via .htaccess/.htpasswd?

    It is possible to have the blog requiring username/password via .htaccess and having a non-WordPress solution for people to sign up, change password etc. Then access to WordPress user accounts may not be necessary?

    I've done this on one site, and in things like comment forms I have it access the info (full name & email) from the database of users (their details are also added to the MySQL database, in addition to username & password in .htpasswd). This way, no messing around with WordPress user details (or cookies), and they can change their info pretty easily.

  7. Otto
    Tech Ninja
    Posted 3 years ago #

    > It allows you to view the base page but the .js files and the .css files are not viewable.

    You'll have to exclude those from the .htaccess as well then, what?

  8. Anonymous
    Unregistered
    Posted 3 years ago #

    Sorry it took so long, work trip and all.

    I have excluded the .js and the .css but when the user clicks update profile the password is not reset properly to the password supplied. It results in a user that cannot log in with the new or old password.

    DL
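
Added example, not part of the original thread: a wp-admin/.htaccess that applies the exclusions suggested in posts 4 and 7. The .htpasswd path and realm name are placeholders, and the excluded set (profile.php, .css, .js) is only what the thread names; those files are then guarded by WordPress's own login alone.

```apache
# wp-admin/.htaccess (added example; path and realm are placeholders)
# Needs AllowOverride AuthConfig on the server (plus Limit on Apache 2.2).

# Password-protect everything under wp-admin by default.
AuthType Basic
AuthName "wp-admin"
AuthUserFile /path/to/.htpasswd
Require valid-user

# Apache 2.4+ (mod_authz_core): a Require inside <Files> replaces the
# directory-level "Require valid-user" for the matching files only.
<IfModule mod_authz_core.c>
    <Files "profile.php">
        Require all granted
    </Files>
    # Stylesheets and scripts the profile page loads from wp-admin/.
    <FilesMatch "\.(css|js)$">
        Require all granted
    </FilesMatch>
</IfModule>

# Apache 2.2: "Satisfy Any" lets host-based access (Allow from all)
# stand in for the password on the matching files.
<IfModule !mod_authz_core.c>
    <Files "profile.php">
        Order allow,deny
        Allow from all
        Satisfy Any
    </Files>
    <FilesMatch "\.(css|js)$">
        Order allow,deny
        Allow from all
        Satisfy Any
    </FilesMatch>
</IfModule>
```

Keep the exclusion patterns as narrow as possible: every file they match is reachable without the Basic-auth prompt, so a broad pattern removes the extra layer for more than the profile page.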
