htaccess & Apache Auth

  • Hi,

    I’m trying to secure my wordpress installation using an .htaccess file. However, I have custom permalink settings, which adds this to my root .htaccess file:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    As soon as I add anything surrounding the wp-login.php file:

    <Files wp-login.php>
    AuthType Digest
    AuthName “blah”
    AuthUserFile /home/blah/.htpasswd
    Require valid-user
    </Files>

    I get 404 errors. If I remove the first section, the password protection works, but none of my permalinks work. If I remove the second section, permalinks work, but not security.

    I can’t really see what I’m doing wrong here. Anyone have any idea?

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

  • I have no problem simulating your auth digest (in other words, it works fine even with custom permalink) by placing:

    <Files wp-login.php>
AuthType Digest
AuthName "blah"
AuthUserFile /home/blah/.htpasswd
Require valid-user
</Files>

    inside the wordpress rewrite rule or outside wordpress rewrite rule (located before wp rewrite rule or after wp rewrite rule)

    Thread Starter gcaprio

    (@gcaprio)

    Incredibly bizzare. This is literally the entire contents of my .htaccess:

    <Files wp-login.php>
    AuthType Digest
    AuthName “blah”
    AuthUserFile /home/blah/.htpasswd
    Require valid-user
    </Files>

    # BEGIN WordPress

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    No matter how I flop them around, or if I place the wp-login rule inside the rewrite rule, I still get a 404. Going to keep trying i guess.

    Thread Starter gcaprio

    (@gcaprio)

    OK, small update. Looks like if I use this:

    <Files wp-login.php>
    Order Deny,Allow
    Deny from All
    Allow from <my ip>
    </Files>

    Things work. So it looks like something is up with my server and the Digest Auth. Thanks for all your help.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘htaccess & Apache Auth’ is closed to new replies.

Tags