WordPress.org

Forums

Password protecting /wp-admin/ (11 posts)

  1. TimothyA
    Member
    Posted 5 years ago #

    I have been trying to password protect the wp-admin folder using .htaccess, but instead of asking for the password I get "Error 404 - Not Found". Any ideas?

  2. Fips
    Member
    Posted 5 years ago #

    What does your .htaccess file say?

  3. TimothyA
    Member
    Posted 5 years ago #

    AuthUserFile /home/xxx/public_html/wp-admin/.htpasswd
    AuthGroupFile /home/xxx/public_html/wp-admin/
    AuthType Basic
    AuthName EnterPassword

    require user xxx

  4. TimothyA
    Member
    Posted 5 years ago #

    BTW... that is the one I wrote, but I even used my hosting company's tools to password protect, and I get the Error 404 with their .htaccess as well.

  5. 4seoblogs
    Member
    Posted 5 years ago #

    The same problem.
    I have installed .htaccess into the folder wp-admin
    When i'm trying to get to http://myblog.com/wp-admin - WP redirects me to 404 page.

    The server is running CentOS + DirectAdmin. On all servers running DirectAdmin i got THE SAME!! problem. On other servers without DirectAdmin all is OK.
    I tried to rebuild Apache (2.0 \ 2.2) all the same.
    Please Help, i really need the directory wp-admin password protected.

  6. 4seoblogs
    Member
    Posted 5 years ago #

    problem solved
    wp-admin .htaccess

    ErrorDocument 401 default
    
    AuthType Basic
    AuthName "Restricted Area"
    AuthUserFile /home/admin/domains/*****.info/public_html/wp-admin/.htpasswd
    require valid-user

    main .htaccess in domain root

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
  7. Fips
    Member
    Posted 5 years ago #

    For that little extra security it's probably worth keeping your .htpasswd file outside of the web accessible area. And like 4seoblogs, you shouldn't need the reference to AuthGroupFile in your .htaccess file if you aren't intending to use one, TimothyA.

  8. sleeplessinDC
    Member
    Posted 5 years ago #

    4seoblogs, thank you SO much! I've been looking for a solution for how to use password protection on the wp-admin directory and your code above solved it. This should be added to the WordPress documentation.

  9. Shane G.
    Member
    Posted 5 years ago #

  10. Wes
    Member
    Posted 5 years ago #

    The solution is to download your .htaccess file, open it using notepad or similar and add the following code before the WordPress entries, or modify the current ErrorDocument 401 line to the following:

    ErrorDocument 401 default

    Upload the file back to the server.

    I wrote this blog post about it if you need more details.

  11. dayer
    Member
    Posted 5 years ago #

    Of course. But if any required field in the comments are missing, Apache ask user and password to the visitor. :(

    PD: although if the visitor click cancel then WordPress gives it the error of the fields :)

Topic Closed

This topic has been closed to new replies.

About this Topic