Protect your wp-login.php page with HTTP Digest Authentication without the need of adding web server modules or changing config files.
This plugin adds an additional layer of protection for the wp-login.php page using HTTP Digest Authentication with the PHP header() function.
So it doesn't require configuring web server files like .htaccess or .htdigest and works on all web hosting environments.
Important: If you already have a plugin which does HTTP Authentication please deactivate it before activating this plugin. Similarly if you have configured your web server to do HTTP authentication on the wp-login.php file please remove it before using this plugin.
If you are using FastCGI PHP this plugin may keep prompting for the credentials even if you enter the right pair, in this case use the following in your
<IfModule mod_setenvif.c> SetEnvIfNoCase ^Authorization$ "(.+)" PHP_AUTH_DIGEST=$1 </IfModule>
The BA (Basic Authentication) mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with BASE64 in transit, but not encrypted or hashed in any way.
The HTTP Digest Authentication Plugin official homepage.