Apache authentication inside a WordPress installWebDAV on CentOS - getting 403 error when attempt to uploadHow to Protect Apache server from this attack.htaccess directory nightmareApache mod_setenvif Server_Addr.htaccess password protection not working in localhostApache authentication requirement based on locationDoes Amazon Elastic Beanstalk cope with HTTP Authentication?Mod_rewite - do these rewrite rules work?Difference b/w .htaccess and example.com.confPHP scripts fail after adding .htaccess to password protect a dir
Where did the “vikings wear helmets with horn” stereotype come from and why?
What are the problems in teaching guitar via Skype?
What is the probability of having a pair of doubles when throwing dice?
Infinitely many hats
Turn on QGIS Dark Mode
What is the difference between nullifying your vote and not going to vote at all?
Can a helicopter mask itself from Radar?
What caused the tendency for conservatives to not support climate change regulations?
If a massive object like Jupiter flew past the Earth how close would it need to come to pull people off of the surface?
Is having a hidden directory under /etc safe?
What is the indigenous Russian word for a wild boar?
How to prevent bad sectors?
Can an old DSLR be upgraded to match modern smartphone image quality
Adding strings in lists together
Mother abusing my finances
How old was this woman (from Tomb of Annihilation) at her death?
Uncommanded roll at high speed
If a problem only occurs randomly once in every N times on average, how many tests do I have to perform to be certain that it's now fixed?
Modern approach to radio buttons
What are the slash markings on Gatwick's 08R/26L?
Socratic Paradox
Differences between “pas vrai ?”, “c’est ça ?”, “hein ?”, and “n’est-ce pas ?”
chmod would set file permission to 000 no matter what permission i try to set
The deliberate use of misleading terminology
Apache authentication inside a WordPress install
WebDAV on CentOS - getting 403 error when attempt to uploadHow to Protect Apache server from this attack.htaccess directory nightmareApache mod_setenvif Server_Addr.htaccess password protection not working in localhostApache authentication requirement based on locationDoes Amazon Elastic Beanstalk cope with HTTP Authentication?Mod_rewite - do these rewrite rules work?Difference b/w .htaccess and example.com.confPHP scripts fail after adding .htaccess to password protect a dir
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I am currently running into an issue with trying to password protect a directory that is sitting inside a directory that's running WordPress. This is for a directory called "admin" that handles a few things outside of WP.
In my WordPress .htaccess file, I have set a rule to ignore this directory.
RewriteEngine On
RewriteBase /
RewriteRule ^(admin|index.php)$ - [L]
RewriteCond %REQUEST_FILENAME !-f
RewriteCond %REQUEST_FILENAME !-d
RewriteRule . /index.php [L]
When I go to my admin directory, it works just fine and I'm able to see what I should be seeing (basic PHP stuff).
However, when I try and password protect that directory by putting an .htaccess and .htpassword file in there, I get a WordPress 404 error. This is what it looks like:
AuthUserFile /home/myuser/public_html/admin/.htpasswd
AuthName "Password Protected Area"
AuthType Basic
<limit GET POST>
require valid-user
</limit>
It (obviously) has something to do with the "require valid-user" line. This particular .htaccess/.htpasswd file worked just fine on a similar server set up.
Any thoughts?
apache-2.2 .htaccess wordpress password-protected .htpasswd
asked Apr 4 '11 at 18:03
Charles ChadwickCharles Chadwick
2816
add a comment |
I am currently running into an issue with trying to password protect a directory that is sitting inside a directory that's running WordPress. This is for a directory called "admin" that handles a few things outside of WP.
In my WordPress .htaccess file, I have set a rule to ignore this directory.
RewriteEngine On
RewriteBase /
RewriteRule ^(admin|index.php)$ - [L]
RewriteCond %REQUEST_FILENAME !-f
RewriteCond %REQUEST_FILENAME !-d
RewriteRule . /index.php [L]
When I go to my admin directory, it works just fine and I'm able to see what I should be seeing (basic PHP stuff).
However, when I try and password protect that directory by putting an .htaccess and .htpassword file in there, I get a WordPress 404 error. This is what it looks like:
AuthUserFile /home/myuser/public_html/admin/.htpasswd
AuthName "Password Protected Area"
AuthType Basic
<limit GET POST>
require valid-user
</limit>
It (obviously) has something to do with the "require valid-user" line. This particular .htaccess/.htpasswd file worked just fine on a similar server set up.
Any thoughts?
apache-2.2 .htaccess wordpress password-protected .htpasswd
asked Apr 4 '11 at 18:03
Charles ChadwickCharles Chadwick
2816
A 401 error, as opposed to a 404, is what you would expect to see if therequire valid-userline were breaking things. Anything helpful in the Apache error log?
– Shane Madden♦
Apr 4 '11 at 18:20
It specifically says 404, not 401 (but I that's coming from WordPress). And no, I don't see anything in the error log.
– Charles Chadwick
Apr 4 '11 at 20:23
add a comment |
I am currently running into an issue with trying to password protect a directory that is sitting inside a directory that's running WordPress. This is for a directory called "admin" that handles a few things outside of WP.
In my WordPress .htaccess file, I have set a rule to ignore this directory.
RewriteEngine On
RewriteBase /
RewriteRule ^(admin|index.php)$ - [L]
RewriteCond %REQUEST_FILENAME !-f
RewriteCond %REQUEST_FILENAME !-d
RewriteRule . /index.php [L]
When I go to my admin directory, it works just fine and I'm able to see what I should be seeing (basic PHP stuff).
However, when I try and password protect that directory by putting an .htaccess and .htpassword file in there, I get a WordPress 404 error. This is what it looks like:
AuthUserFile /home/myuser/public_html/admin/.htpasswd
AuthName "Password Protected Area"
AuthType Basic
<limit GET POST>
require valid-user
</limit>
It (obviously) has something to do with the "require valid-user" line. This particular .htaccess/.htpasswd file worked just fine on a similar server set up.
Any thoughts?
apache-2.2 .htaccess wordpress password-protected .htpasswd
asked Apr 4 '11 at 18:03
Charles ChadwickCharles Chadwick
2816
I am currently running into an issue with trying to password protect a directory that is sitting inside a directory that's running WordPress. This is for a directory called "admin" that handles a few things outside of WP.
In my WordPress .htaccess file, I have set a rule to ignore this directory.
RewriteEngine On
RewriteBase /
RewriteRule ^(admin|index.php)$ - [L]
RewriteCond %REQUEST_FILENAME !-f
RewriteCond %REQUEST_FILENAME !-d
RewriteRule . /index.php [L]
When I go to my admin directory, it works just fine and I'm able to see what I should be seeing (basic PHP stuff).
However, when I try and password protect that directory by putting an .htaccess and .htpassword file in there, I get a WordPress 404 error. This is what it looks like:
AuthUserFile /home/myuser/public_html/admin/.htpasswd
AuthName "Password Protected Area"
AuthType Basic
<limit GET POST>
require valid-user
</limit>
It (obviously) has something to do with the "require valid-user" line. This particular .htaccess/.htpasswd file worked just fine on a similar server set up.
Any thoughts?
apache-2.2 .htaccess wordpress password-protected .htpasswd
apache-2.2 .htaccess wordpress password-protected .htpasswd
asked Apr 4 '11 at 18:03
Charles ChadwickCharles Chadwick
2816
asked Apr 4 '11 at 18:03
Charles ChadwickCharles Chadwick
2816
asked Apr 4 '11 at 18:03
Charles ChadwickCharles Chadwick
2816
asked Apr 4 '11 at 18:03
Charles ChadwickCharles Chadwick
2816
asked Apr 4 '11 at 18:03
Charles ChadwickCharles Chadwick
2816
2816
A 401 error, as opposed to a 404, is what you would expect to see if therequire valid-userline were breaking things. Anything helpful in the Apache error log?
– Shane Madden♦
Apr 4 '11 at 18:20
It specifically says 404, not 401 (but I that's coming from WordPress). And no, I don't see anything in the error log.
– Charles Chadwick
Apr 4 '11 at 20:23
add a comment |
A 401 error, as opposed to a 404, is what you would expect to see if therequire valid-userline were breaking things. Anything helpful in the Apache error log?
– Shane Madden♦
Apr 4 '11 at 18:20
It specifically says 404, not 401 (but I that's coming from WordPress). And no, I don't see anything in the error log.
– Charles Chadwick
Apr 4 '11 at 20:23
A 401 error, as opposed to a 404, is what you would expect to see if the
require valid-user line were breaking things. Anything helpful in the Apache error log?– Shane Madden♦
Apr 4 '11 at 18:20
A 401 error, as opposed to a 404, is what you would expect to see if the
require valid-user line were breaking things. Anything helpful in the Apache error log?– Shane Madden♦
Apr 4 '11 at 18:20
It specifically says 404, not 401 (but I that's coming from WordPress). And no, I don't see anything in the error log.
– Charles Chadwick
Apr 4 '11 at 20:23
It specifically says 404, not 401 (but I that's coming from WordPress). And no, I don't see anything in the error log.
– Charles Chadwick
Apr 4 '11 at 20:23
add a comment |
1 Answer
1
active
oldest
votes
Try closing your browser and then trying to connect. You may have cached credentials that are being used.
If you have multiple secured directories with different passwords, use different values for the Authname.
EDIT: Try moving the Require outside the Limit statement. I always group the Auth definitions with the Require statement in the same block.
Your error seems to indicate the requested resource does not exist or is not readable. Try removing your rewrite modifications for admin. The standard rewrite rules work well with directories and files mixed into the Wordpress installation.
You may want to use a LimitExcept block instead of a Limit block to prevent access other than GET or POST. This is my working .htaccess file.
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/wordpress/htpasswd
Require Valid-User
<LimitExcept GET POST>
Order allow,deny
Deny from all
</LimitExcept>
Make sure the .ht* files are readable by the web server. I test unauthorized access by changing the user id in the htpasswd file to one I haven't used.
answered Apr 4 '11 at 23:14
BillThor BillThor
24.9k22662
Thanks for the response. I did try closing the browser, but no dice. I'm not even being promoted for a user or password. Also, there is only one directly secured via .htaccess.
– Charles Chadwick
Apr 5 '11 at 18:14
I tried your suggestions, but still no dice. I'm thinking about try to move the admin directory outside of the web root and then just setting up a subdomain.
– Charles Chadwick
Apr 6 '11 at 16:39
@Charles: You can point a subdomain directly at the admin directory. Have you tried without the .htaccess file. If it doesn't work without the .htaccess file then it won't work with one. On Ubuntu the WordPress software is in /usr/share, but symlinked to /var/www for the web server to access it.
– BillThor
Apr 6 '11 at 21:42
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f255565%2fapache-authentication-inside-a-wordpress-install%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Try closing your browser and then trying to connect. You may have cached credentials that are being used.
If you have multiple secured directories with different passwords, use different values for the Authname.
EDIT: Try moving the Require outside the Limit statement. I always group the Auth definitions with the Require statement in the same block.
Your error seems to indicate the requested resource does not exist or is not readable. Try removing your rewrite modifications for admin. The standard rewrite rules work well with directories and files mixed into the Wordpress installation.
You may want to use a LimitExcept block instead of a Limit block to prevent access other than GET or POST. This is my working .htaccess file.
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/wordpress/htpasswd
Require Valid-User
<LimitExcept GET POST>
Order allow,deny
Deny from all
</LimitExcept>
Make sure the .ht* files are readable by the web server. I test unauthorized access by changing the user id in the htpasswd file to one I haven't used.
answered Apr 4 '11 at 23:14
BillThor BillThor
24.9k22662
Thanks for the response. I did try closing the browser, but no dice. I'm not even being promoted for a user or password. Also, there is only one directly secured via .htaccess.
– Charles Chadwick
Apr 5 '11 at 18:14
I tried your suggestions, but still no dice. I'm thinking about try to move the admin directory outside of the web root and then just setting up a subdomain.
– Charles Chadwick
Apr 6 '11 at 16:39
@Charles: You can point a subdomain directly at the admin directory. Have you tried without the .htaccess file. If it doesn't work without the .htaccess file then it won't work with one. On Ubuntu the WordPress software is in /usr/share, but symlinked to /var/www for the web server to access it.
– BillThor
Apr 6 '11 at 21:42
add a comment |
Try closing your browser and then trying to connect. You may have cached credentials that are being used.
If you have multiple secured directories with different passwords, use different values for the Authname.
EDIT: Try moving the Require outside the Limit statement. I always group the Auth definitions with the Require statement in the same block.
Your error seems to indicate the requested resource does not exist or is not readable. Try removing your rewrite modifications for admin. The standard rewrite rules work well with directories and files mixed into the Wordpress installation.
You may want to use a LimitExcept block instead of a Limit block to prevent access other than GET or POST. This is my working .htaccess file.
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/wordpress/htpasswd
Require Valid-User
<LimitExcept GET POST>
Order allow,deny
Deny from all
</LimitExcept>
Make sure the .ht* files are readable by the web server. I test unauthorized access by changing the user id in the htpasswd file to one I haven't used.
answered Apr 4 '11 at 23:14
BillThor BillThor
24.9k22662
Thanks for the response. I did try closing the browser, but no dice. I'm not even being promoted for a user or password. Also, there is only one directly secured via .htaccess.
– Charles Chadwick
Apr 5 '11 at 18:14
I tried your suggestions, but still no dice. I'm thinking about try to move the admin directory outside of the web root and then just setting up a subdomain.
– Charles Chadwick
Apr 6 '11 at 16:39
@Charles: You can point a subdomain directly at the admin directory. Have you tried without the .htaccess file. If it doesn't work without the .htaccess file then it won't work with one. On Ubuntu the WordPress software is in /usr/share, but symlinked to /var/www for the web server to access it.
– BillThor
Apr 6 '11 at 21:42
add a comment |
Try closing your browser and then trying to connect. You may have cached credentials that are being used.
If you have multiple secured directories with different passwords, use different values for the Authname.
EDIT: Try moving the Require outside the Limit statement. I always group the Auth definitions with the Require statement in the same block.
Your error seems to indicate the requested resource does not exist or is not readable. Try removing your rewrite modifications for admin. The standard rewrite rules work well with directories and files mixed into the Wordpress installation.
You may want to use a LimitExcept block instead of a Limit block to prevent access other than GET or POST. This is my working .htaccess file.
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/wordpress/htpasswd
Require Valid-User
<LimitExcept GET POST>
Order allow,deny
Deny from all
</LimitExcept>
Make sure the .ht* files are readable by the web server. I test unauthorized access by changing the user id in the htpasswd file to one I haven't used.
answered Apr 4 '11 at 23:14
BillThor BillThor
24.9k22662
Try closing your browser and then trying to connect. You may have cached credentials that are being used.
If you have multiple secured directories with different passwords, use different values for the Authname.
EDIT: Try moving the Require outside the Limit statement. I always group the Auth definitions with the Require statement in the same block.
Your error seems to indicate the requested resource does not exist or is not readable. Try removing your rewrite modifications for admin. The standard rewrite rules work well with directories and files mixed into the Wordpress installation.
You may want to use a LimitExcept block instead of a Limit block to prevent access other than GET or POST. This is my working .htaccess file.
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/wordpress/htpasswd
Require Valid-User
<LimitExcept GET POST>
Order allow,deny
Deny from all
</LimitExcept>
Make sure the .ht* files are readable by the web server. I test unauthorized access by changing the user id in the htpasswd file to one I haven't used.
answered Apr 4 '11 at 23:14
BillThor BillThor
24.9k22662
edited Apr 5 '11 at 21:15
answered Apr 4 '11 at 23:14
BillThor BillThor
24.9k22662
answered Apr 4 '11 at 23:14
BillThor BillThor
24.9k22662
answered Apr 4 '11 at 23:14
BillThor BillThor
24.9k22662
24.9k22662
Thanks for the response. I did try closing the browser, but no dice. I'm not even being promoted for a user or password. Also, there is only one directly secured via .htaccess.
– Charles Chadwick
Apr 5 '11 at 18:14
I tried your suggestions, but still no dice. I'm thinking about try to move the admin directory outside of the web root and then just setting up a subdomain.
– Charles Chadwick
Apr 6 '11 at 16:39
@Charles: You can point a subdomain directly at the admin directory. Have you tried without the .htaccess file. If it doesn't work without the .htaccess file then it won't work with one. On Ubuntu the WordPress software is in /usr/share, but symlinked to /var/www for the web server to access it.
– BillThor
Apr 6 '11 at 21:42
add a comment |
Thanks for the response. I did try closing the browser, but no dice. I'm not even being promoted for a user or password. Also, there is only one directly secured via .htaccess.
– Charles Chadwick
Apr 5 '11 at 18:14
I tried your suggestions, but still no dice. I'm thinking about try to move the admin directory outside of the web root and then just setting up a subdomain.
– Charles Chadwick
Apr 6 '11 at 16:39
@Charles: You can point a subdomain directly at the admin directory. Have you tried without the .htaccess file. If it doesn't work without the .htaccess file then it won't work with one. On Ubuntu the WordPress software is in /usr/share, but symlinked to /var/www for the web server to access it.
– BillThor
Apr 6 '11 at 21:42
Thanks for the response. I did try closing the browser, but no dice. I'm not even being promoted for a user or password. Also, there is only one directly secured via .htaccess.
– Charles Chadwick
Apr 5 '11 at 18:14
Thanks for the response. I did try closing the browser, but no dice. I'm not even being promoted for a user or password. Also, there is only one directly secured via .htaccess.
– Charles Chadwick
Apr 5 '11 at 18:14
I tried your suggestions, but still no dice. I'm thinking about try to move the admin directory outside of the web root and then just setting up a subdomain.
– Charles Chadwick
Apr 6 '11 at 16:39
I tried your suggestions, but still no dice. I'm thinking about try to move the admin directory outside of the web root and then just setting up a subdomain.
– Charles Chadwick
Apr 6 '11 at 16:39
@Charles: You can point a subdomain directly at the admin directory. Have you tried without the .htaccess file. If it doesn't work without the .htaccess file then it won't work with one. On Ubuntu the WordPress software is in /usr/share, but symlinked to /var/www for the web server to access it.
– BillThor
Apr 6 '11 at 21:42
@Charles: You can point a subdomain directly at the admin directory. Have you tried without the .htaccess file. If it doesn't work without the .htaccess file then it won't work with one. On Ubuntu the WordPress software is in /usr/share, but symlinked to /var/www for the web server to access it.
– BillThor
Apr 6 '11 at 21:42
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f255565%2fapache-authentication-inside-a-wordpress-install%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
A 401 error, as opposed to a 404, is what you would expect to see if the
require valid-userline were breaking things. Anything helpful in the Apache error log?– Shane Madden♦
Apr 4 '11 at 18:20
It specifically says 404, not 401 (but I that's coming from WordPress). And no, I don't see anything in the error log.
– Charles Chadwick
Apr 4 '11 at 20:23