How to disable HTTP Auth when locked out Private Usernames/password security

While it seems a good idea to have HTTP Authentication and use Private Usernames /Passwords, when you lock your self out it seems impossible to get back in.

You can delete the plugin but while that allows access your admin, you lose the benefit of hide WP-Admin and changing the login URL. (But considering the plugin appears to be no longer supported it might be wiser to delete it anyway.)

However, as long as you have FTP or Cpanel access you can access to remove the Private Username/password options.

The procedure is in the readme.tx file, but is not explicit. Try this, It worked for me, I hope it works for you.

1. Login to Cpanel file manager / FTP and navigate to: wp-content/plugins/lockdown-wp-admin
2. In lockdown-wp-admin directory create / upload a blank text file called disable_auth.txt
3.You can now login without the additional security.
4. In your wordpress admin navigate to Lockdown WP and under HTTP Authentication select Disable HTTP Auth.
5. Check Private Users and if there is a Private User under username delete that person.
5. Return to the Plugin directory and delete the file: disable_auth.txt

All should be good! Logout and login to check (through your secret login link if it was left unchanged). Admin and the plugin should still be accessible. Phew…

FYI Here’s the text from the readme.txt file:

= How can I get back in if Lockdown WP Admin locked me out? =
You can create a .txt file named ‘disable_auth.txt’ in your wp-content/plugins/lockdown-wp-admin/ folder (The file location would be /wp-content/plugins/lockdown-wp-admin/disable_auth.txt). We don’t care about the content but that will disable the HTTP Auth and whatever was locking you out of your site.