A Near Perfect Substitute for HTaccess Authentication
-
I wanted to leave a review here for this little plugin because it is great for a single reason… (I’m also leaving some recommendations for the plugin author below)
This may be the only plugin of it’s kind that emulates htaccess authentication without actually using htaccess. Most plugins created to lock websites while they’re in development (maintenance mode plugins) either completely block access to the website, or allow an admin to login using a login form on the maintenance screen. The problem with that approach is that if you happen to be doing development on a site with custom login/register screens, you will not be able to see those screens once logging in on the maintenance screen (because you will then be logged into the site, and won’t obviously see the login screen you’re developing).
In the past I would have simply used htaccess authentication (with htpasswd files) to restrict access to the site so only developers could see it. However, I happen to be developing a website right now on Amazon Web Services (AWS) with CloudFront (their CDN). I found that CloudFront is not compatible with htaccess authentication at all. This left me in a real conundrum, as I needed to access restrict our site to developers while still being able to see and work on the website’s login/register page.
That’s where this amazing little plugin came in. This plugin is very simple, but it does what so many other maintenance mode plugins do not. It simply acts as a secondary front door to a website, without interfering with the main front door. When you enter your password into this plugin, it then releases you into the site without actually logging you into WordPress, thus making it possible to do development work on login/register screens.
These are a few recommendations and things of note for the plugin author:
1. I recommend adding a lot more settings to control the look and feel, as I had to re-write all of the css in this plugin to get it to look the way I wanted.
2. Add the ability to input your logo from a local URL in the website’s file system, and not just from the Media Library. We’re not keeping our website’s official images in the media library. I had to edit the plugin to work around this limitation.
3. Introduce a true username/password system that is completely separate from the WordPress users. In other words, provide the ability to create users, each with their own custom password. This would work the same way the plugin works now, by not using the WordPress login functionality. We don’t want to use the WordPress logins for the reasons I recommended this plugin above. Right now the login is limited to a single password. Imagine how flexible this would be if you could create multiple usernames and passwords for developers. This would then be a complete replacement for htaccess authentication.
4. The logo width and height settings are backwards in the settings, in terms of what they actually control.
5. You should correct the spelling of “Maintenance” in the plugin folder name, plugin title, and description. I noticed it was misspelled everywhere as “Maintainance.”
…..
To anyone thinking of using this plugin, I do highly recommend it if you need a convenient replacement for htaccess authentication. For this purpose, it is the perfect solution!
All my best,
~ Michael
- The topic ‘A Near Perfect Substitute for HTaccess Authentication’ is closed to new replies.