How can I password protect development Wordpress site complete from search engines and humans using htaccess.
Also can you specify in which folder I need to keep .htaccess file in wordpress to complete block it.
I tried it with following htacess file but after logging in only homepage showsup and other pages don't work.
SetEnvIf Host dev.test.com passreq
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/user/dev.test.com/wp-content/themes/theme_name/.htpasswd
Require valid-user
Order allow,deny
allow from all
Deny from env=passreq
Satisfy any
What am I doing wrong? Currently I am keeping .htaccess file in *wp-content/theme/theme_name/.htaccess*
You should put your file in your Webroot to completely password protect it. Putting it under *wp-content/theme/theme_name will only protected files served from this directory
Related
Does anyone know how to password protect a directory in a Wordpress plugin folder WITHOUT .htaccess?
Apparently WPEngine no longer lets you put htaccess files in the directory - it's been depreciated for some reason.
This would seem to be a loaded question... just because you can't use .htaccess in the directory you want to protect, doesn't necessarily mean you can't use the main .htaccess file in the root.
On Apache 2.4 you can use an Apache <If> expression to limit the HTTP Authentication directives to just that directory.
For example:
<If "%{REQUEST_URI} =~ m#^/wp-content/plugins/#">
AuthType Basic
AuthName "Private Area"
AuthUserFile "/private/path/outside/document-root/.htpasswd-wp-content-plugins"
Require valid-user
</If>
I have a site which is in wordpress, there is one folder within root of that, Which is built in static php.
When i am trying to protect that site with .htaccess it conflicts with root .htaccess of wordpress.
I have placed the protection htaccess within the folder
this is what i put in webmaster directory .htaccess file but it goes 404
ErrorDocument 401 /401.html
AuthType Basic
AuthName "welvo maker"
AuthUserFile "/home/welvo/.htpasswds/public_html/webmaster/passwd"
require valid-user
Hello you can protect subfolder directory using .htaccess by adding below line
RewriteBase /subfolderdirectoryname
As well as you can see reference link which will help you to understand better.
New rewrite rules in subdirectory with htaccess
I used to protect files in olders versions of apache with this code in the folderĀ“s .htaccess file:
AuthUserFile /home/folder/.htpasswds/.htpasswd
AuthName "Password Protected Area"
AuthType basic
<Files "wp-login.php">
require user superadmin
</Files>
With my .htpasswd being like this:
admin:EBbqCq1YlLHSQ
superAdmin:PrlugFjcTaqlg
But my ISP updated apache and the code in my .htacess stop working and the whole site displayed error 500.
Im trying to protect wp-login.php of wordpress to add an aditional layer of protection in case of a brute force attack.
I have looked for a solution but I havent found a soluction yet.
Any help will be greatly appreciated
Ive found the solution
<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
require valid-user
</FilesMatch>
http://www.inmotionhosting.com/support/website/wordpress/prevent-unauthorized-wp-admin-wp-login-php-attempts
I am trying to password protect the wp-login.php file in Wordpress but getting errors.
This is the code that I am adding to the main .htaccess file (obviously the path to the passwd file is correct).
# Protect wp-login
<Files wp-login.php>
AuthUserFile "/path/to/my/passwd"
AuthName "Private access"
AuthType Basic
require valid-user
</Files>
All works well if Permalinks are off. If I switch off Wordpress Permalinks, then when accessing site.com/wp-login.php redirects in infinite loop and request goes in timeout with the page never displaying.
If I switch on the Permalinks, Worpress adds the directives just after the above block of code that I have posted.
What can be causing this and how can I get this security measure to work along side permalinks?
ErrorDocument 401 default
as explained here this was missing from the .htaccess file
I have a domain I use for development purposes. In this domain I have several subdirectories with different wordpress installations.
To hide the whole area I made a simple htpasswd protection in the root.
Now I have one of this Wordpress in the domain that uses timthumb library to resize images, and due to the htpasswd, I get "NetworkError: 400 Bad Request" instead of the image.
This is an example of the request that gets the error
http://subdomain.domain.com/WP/wp-content/plugins/plugin-directory/timthumb.php?src=http%3A%2F%2Fsubdomain.domain.com%2FWP%2Fwp-content%2Fuploads%2F2015%2F01%2F012015_valentines_hp_budvase.jpg&w=300&h=620&zc=1
Is there a way to bypass the protection only for that file?
More details on my paths to better read my .htaccess snippets:
I'm in a subdomain pointed to a subdirectory called 'subdomain_folder'
.htaccess I'm working on is located in 'subdomain_folder'
WP is in a subdirectory called 'WP' inside 'subdomain_folder'
Complete Path to WP: '/home/some-folder/public_html/subdomain_folder/WP
Complete Path to Uploads: '/home/some-folder/public_html/subdomain_folder/WP/wp-content/uploads
I tried this:
SetEnvIf Request_URI "^/WP/wp-content/plugins/plugin-dir/timthumb\.php$" allow
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/some-folder/.htpasswds/public_html/subdomain_folder/passwd"
Require valid-user
Order allow,deny
Allow from env=allow
Satisfy any
UPDATE
Someone adviced me that allowing access to timthumb.php file it's pointless, instead I should allow him to make http requests, or allow full access to uploads folders so, I tried the following, allowing requests from localhost ip
AuthType Basic
AuthName "Reserverd Area"
AuthUserFile "/home/some-folder/.htpasswds/public_html/subdomain_folder/passwd"
Require valid-user
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Satisfy Any
Tried both localhost and 127.0.0.1
I even tried to add another .htaccess in the single WP upload folder (where timthumb asks for images) with rule to allow from any
Satisfy Any
Order Allow,Deny
Allow from all
Still I cant' get images shown, and I keep getting the NetworkError: 400 Bad Request" instead of the image.
Last Detail, the .htaccess in the WP directory is a standard wp htaccess --> pastebin.com/8PRqEYQ2
I Found the solution.
The right way is indeed allowing requests from the server itself, but the localhost IP (127.0.0.1) was not the right adress to allow.
I made a Reverse IP Lookup searching for the domain I'm on, and I used that IP.
This is the .htaccess that works
RewriteEngine On
<IfModule mod_authn_file.c>
AuthName "Restricted Area"
AuthUserFile "/home/path-to-passfile/passwd"
AuthType Basic
Require valid-user
Order Deny,Allow
Deny from all
# Use your server ip:
Allow from 111.111.111.11
Satisfy Any
</IfModule>
With this rules I can develop apps using timthumb.php in .htpasswd protected directory.
Criticisms and improvements are welcome :)