Using Digest authentication with Wordpress


Recommended Posts

I read the Hardening Wordpress article and thought I'd use digest authentication to protect my /blog/wp-admin area of wordpress.

I created a password file using htdigest, then added the following to /blog/wp-admin/.htaccess

  AuthType Digest

  AuthName ""

  AuthDigestAlgorithm MD5


  AuthDigestProvider file

  AuthUserFile /home/dvaenet/apache-auth/auth.digest

  Require valid-user
This kinda works, but it's not right. In Safari 3: I'm prompted for my password for every page load. If I remove the

then I get prompted for every resource.

In Firefox 3: I get the password prompt, but my password doesn't work.

Any idea what I'm doing wrong? I've setup up basic auth and digest auth before, but on Apache on Windows. When Litespeed says it's apache compatible - what version of apache does that mean?


Link to comment
Share on other sites

Ah, yes, I was trying to remove my domain name, but made a school boy error.

Your remark sparked me to try changing to:

AuthDigestDomain /blob/wp-admin

and now it works! Yay, thanks Tony.

Not sure why an absolute URL didn't work where a relative one did though.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.