FAIR

Federated and Independent Repositories

.htaccess Site Access Control

Plugin Banner

.htaccess Site Access Control

by Miina Sikk

Download
Description

Using the password protection will give you extra security layer of protection from brute force hacking attacks. Additionally, it’s also an easy way to password protect your entire site, without needing to create separate WordPress users for each visitor.

When you enable the password protection, the user won’t be able to see anything – not even see the protected page – until he/she inserts the username/password. You can password protect the whole website, including the administrator pages; you can password protect the administrator pages; or you can password protect the WordPress login page.

Free plugin options include:

  • Enabling/disabling the password protection to wp-login.php, WordPress admin pages. Note that you’ll be asked to re-type the .htaccess username/password you created before enabling any of the settings – to ensure that you wouldn’t enable the password protection without even knowing the password yourself!
  • Modifying the existing users: you can change any .htaccess user’s password and remove the users.
  • Adding one .htaccess user.

Premium plugin options:

  • Create/modify an unlimited number of .htaccess users;
  • Protect your whole site, making it accessible to only those who have the .htaccess user.

If you have any other suggestions, please let us know! You can contact us via http://www.wpsos.io/wordpress-plugin-htaccess-site-access-control/

For more information and support, check out: http://www.wpsos.io/wordpress-plugin-htaccess-site-access-control/

The installation and use is very straightforward. You should:

  1. Upload the folder htaccess-site-access-control to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. From the ‘Settings’ menu, there will be a new option, called ‘.htaccess Site Access Control’
  1. Screenshot of the main configuration screen

    Screenshot of the main configuration screen

  2. Screenshot of the enabling/disabling password protection configuration

    Screenshot of the enabling/disabling password protection configuration

  3. Modifying existing users

    Modifying existing users

  4. Adding a new user

    Adding a new user

  5. A password protected wp-login.php page

    A password protected wp-login.php page

Which options do you modify?

As of version 1.0, you can choose between the following options:
1. Enabling/disabling the password protection to wp-login.php, WordPress admin pages, and/or the whole site. Note that you’ll be asked to re-type the .htaccess username/password you created before enabling any of the settings – to ensure that you wouldn’t enable the password protection without even knowing the password yourself!
2. Modifying the existing users: you can change any .htaccess user’s password and remove the users.
3. Adding a new .htaccess user.

Note that you have to have at least one user to be able to enable any of the options: otherwise you would be locked out!

For more information and support, check out: http://www.wpsos.io/wordpress-plugin-htaccess-site-access-control/

The plugin is giving a warning that some of the files need to be writable for it to work, what does this mean?

Since the plugin is protecting your site via modifying .htaccess and .htpasswd files, it works only if these files are writable by WordPress. If the files don’t exist, you can just create empty writable files to the location brought out in the plugin’s warning. You can also see from there which files are already writable and which not.

I forgot my password, and got locked out from the site! What can I do?

For accessing your site again, you have to modify two files:
1. .htaccess file in your WordPress root directory (the directory where the file wp-config.php is located);
2. .htaccess file in your WordPress wp-admin folder

From both files, delete everything BETWEEN these two lines:

  • # BEGIN WPSOS htaccess plugin
  • # END WPSOS htaccess plugin

IMPORTANT: Before modifying either of the files, make a copy of them!

For accessing the files, either use FTP or log in to your web hosting service provider, usually they also enable direct file modification.

Where can I get some support?

Check out our site, at: http://www.wpsos.io/wordpress-plugin-htaccess-site-access-control/

I have some suggestions for other options I want edited

Let us know, via: http://www.wpsos.io/wordpress-plugin-htaccess-site-access-control/

Useful but in need of improvement

By pcgardner on November 9, 2016

The purpose of this plugin is to create additional password protection for the wp-login page, or the wp-admin folder, or even your entire site. It does this by the standard method of adding code to the .htaccess file that gets an additional username and password from a .htpasswd file (in which the MD5 hash of the password is used rather than the password itself). So far so good: it works, but it could be better – hence four stars. When you open the plugin's settings page, it asks you to enter a new user. At first I thought I had to enter my WordPress username, but in fact it wants the new username that you want to use for the additional login box. I realised that when I thought about it, but it should be made clearer. More seriously, it puts the .htpasswd file in the same directory as the .htaccess file that it has modified. That is within the webroot, and so is accessible via http – although the plugin author has attempted to mitigate this by adding some more code to .htaccess preventing Apache from serving .ht* files. Much better is to put the .htpasswd file into the private folder, which is outside the webroot. I did that manually by moving the file and altering the location in .htaccess, both of which can be done using FTP, but it's not convenient. Conclusion: using the plugin is quicker than doing the whole thing manually. It would be quicker still if the settings page allowed you to choose where .htpasswd should be placed. The main advantage of the plugin is that it creates the .htpasswd file automatically; otherwise you would need console access to the server in order to run a script to create the file, or the ability to calculate the MD5 hash of the password if you want to create the file in a text editor.

Bravo

By bill57 on September 3, 2016

Ce plugin fait sont travail, protéger l'admin, créer des htaccess et htpasswd et en plus ça fonctionne

Work but with some annoying bug

By hendsiyas on September 3, 2016

I try to manually set password on the wp-admin page but did not work, this plugins work, but with some bugs.

First GUI bug, if I disable some option, it ask for password even when the user and password form not showed.

And 2nd bug is with woocommerce. If I enable Protection for wp-login, when buyer logoff their account, this plugin ask for password. The only solution is disabled wp-login protection and only enable it on wp-admin page.

Not perfect but this plugins work. Hope you fix the bug and get more download.

1.0

  • Initial version.
Back to top