Password protecting /wp-admin/

timothya
(@timothya)

16 years, 8 months ago

I have been trying to password protect the wp-admin folder using .htaccess, but instead of asking for the password I get “Error 404 – Not Found”. Any ideas?

Viewing 10 replies - 1 through 10 (of 10 total)

fips
(@fips)

16 years, 8 months ago

What does your .htaccess file say?

Thread Starter timothya
(@timothya)

16 years, 8 months ago

AuthUserFile /home/xxx/public_html/wp-admin/.htpasswd
AuthGroupFile /home/xxx/public_html/wp-admin/
AuthType Basic
AuthName EnterPassword

require user xxx

Thread Starter timothya
(@timothya)

16 years, 8 months ago

BTW… that is the one I wrote, but I even used my hosting company’s tools to password protect, and I get the Error 404 with their .htaccess as well.

4seoblogs
(@4seoblogs)

16 years, 8 months ago

The same problem.
I have installed .htaccess into the folder wp-admin
When i’m trying to get to http://myblog.com/wp-admin – WP redirects me to 404 page.

The server is running CentOS + DirectAdmin. On all servers running DirectAdmin i got THE SAME!! problem. On other servers without DirectAdmin all is OK.
I tried to rebuild Apache (2.0 \ 2.2) all the same.
Please Help, i really need the directory wp-admin password protected.
4seoblogs
(@4seoblogs)

16 years, 8 months ago
problem solved
wp-admin .htaccess
```
ErrorDocument 401 default

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/admin/domains/*****.info/public_html/wp-admin/.htpasswd
require valid-user
```
main .htaccess in domain root
```
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
```
fips
(@fips)

16 years, 8 months ago

For that little extra security it’s probably worth keeping your .htpasswd file outside of the web accessible area. And like 4seoblogs, you shouldn’t need the reference to AuthGroupFile in your .htaccess file if you aren’t intending to use one, TimothyA.

sleeplessindc
(@sleeplessindc)

16 years, 3 months ago

4seoblogs, thank you SO much! I’ve been looking for a solution for how to use password protection on the wp-admin directory and your code above solved it. This should be added to the WordPress documentation.

Shane G.
(@shane-g-1)

16 years, 3 months ago

Hi,

Refer these articles:

http://www.bestwpthemez.com/wordpress/how-to-allow-only-your-ip-adress-on-the-wp-admin-directory-2479/

http://www.bestwpthemez.com/wordpress/how-to-hide-your-wp-admin-login-page-2437/

Also check with this plugin:

http://wordpress.org/extend/plugins/askapache-password-protect/

Thanks,

Shane G.

Wes
(@wlefebvre)

16 years, 3 months ago

The solution is to download your .htaccess file, open it using notepad or similar and add the following code before the WordPress entries, or modify the current ErrorDocument 401 line to the following:

ErrorDocument 401 default

Upload the file back to the server.

I wrote this blog post about it if you need more details.

dayer
(@dayer)

16 years, 1 month ago

Of course. But if any required field in the comments are missing, Apache ask user and password to the visitor. 🙁

PD: although if the visitor click cancel then WordPress gives it the error of the fields 🙂