• WP-Security indicates the need for an htaccess file in wp-admin/, but what exactly are the codes that are supposed to be in that htaccess file within wp-admin? I’ve looked through other forum threads and can’t seem to find this information, or how the code get generated. Currently, my htaccess in that location is empty, and I would like to get that resolved to beef up security. Thanks

Viewing 13 replies - 1 through 13 (of 13 total)
  • Thread Starter inspired2write

    (@inspired2write)

    From the first url you referenced, it looks like if I choose to add this to the file that it’s probably the best choice:

    <Files ~ "\.(php)$">
    AuthUserFile /etc/httpd/htpasswd
    AuthType Basic
    AuthName "restricted"
    Order Deny,Allow
    Deny from all
    Require valid-user
    Satisfy any
    </Files>

    One question though – When I upgrade WordPress is that going to pose any problem?

    The other url info is also good, but I’ll have to take a closer look at that to decide which route to go with. Thank you, Samboll!

    that looks good for an .htaccess for wp-admin
    you should keep a copy of the file, though it should be ok in upgrades

    Thread Starter inspired2write

    (@inspired2write)

    Okay, I just tried that code and then went into my admin panel (which I already had opened in a browser tab). When I tried to click on an admin function from my admin panel it took me to the front of my website, and using the browser back button it wouldn’t allow me to get back into the admin panel. So, I went back into my ftp and removed the code back to an empty htaccess file, and now I can access my admin panel again. What did I do wrong?

    The htaccess file is installed here:
    root/myurl.com/wp-admin
    Then just below that, the first ‘file’ is the htaccess file, just below the ‘directories’.

    Thread Starter inspired2write

    (@inspired2write)

    Just thought perhaps the problem is with the permissions? If that’s the possibility, what are the chmod codes for the htaccess in wp-admin.

    Thread Starter inspired2write

    (@inspired2write)

    The chmod is currently 644. Can anyone tell me if that’s possibly the issue as to why the htaccess code didn’t work? It caused me to get redirected from my admin panel to the front end when I tried to access something in the admin dashboard. Thanks again, to whoever can help me with this!

    The chmod is currently 644

    that should be fine.
    I don’t see why you would be redirected, either.

    Thread Starter inspired2write

    (@inspired2write)

    Before I tried it this time I logged out of my admin panel, and cleared my browser cache. Then I added the codes back into the wp admin htaccess file. When I try to login to my dashboard it takes me to the front of my site instead, so I still can’t get it to work, and can’t figure out why it would redirect me to the front of my site?

    Thread Starter inspired2write

    (@inspired2write)

    If this additional information is of any help for someone to provide me with a resolve, I wanted to add that about a month ago I also tried the Ask Apache plugin, which wouldn’t work on my site. My host even got involved with attempting to get that plugin to work, but was unsuccessful. He couldn’t figure out why (or couldn’t dedicate the time to).

    Looking again at the code that I’m trying to add to the wp-admin htaccess file, (shown above) am I supposed to add a line that permits my ip or something? Or, was I suppose to create some sort of a password for it? Still trying to figure out why it causes me to get redirected to the front end of my site and kicks me out of my admin panel, and also not allowing me to login when I add the codes to the file. Thanks again.

    sorry – thought you understood better

    this line
    AuthUserFile /etc/httpd/htpasswd
    you will want to be like
    AuthUserFile /domain.com/httpd/.htpasswd
    httpd would be a folder you create that one wouldn’t guess
    you create a .htpasswd file with user name and password and put it in the folder you create

    this line
    AuthName "restricted"
    where restricted is would be the actual user name you put in .htpasswd file

    I must say, though, if ask apache didn’t work, I doubt this will either – sounds like a server config issue

    Thread Starter inspired2write

    (@inspired2write)

    Hi Samboll,

    sorry – thought you understood better

    Thanks for the vote of confidence, but no, I know just enough to be dangerous with some things – lol. And, I’m also now wondering if I would run into the same server issue since it’s similar to what Ask Apache attempted to do, which as you know didn’t work for me. I guess I’ll probably have to try a plan B if there is one. Thanks for your help.

    Thread Starter inspired2write

    (@inspired2write)

    Thank you samboll,
    I bookmarked that link and will take a look at my alternatives.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Codes for htaccess in wp-admin’ is closed to new replies.