Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • November 3, 2018 at 6:44 pm #1029508
    educatedathlete

    Hello,
    I was following a list of tips for securing your website in 2018 found here: https://www.wpbeginner.com/wordpress-security/ and now my site requires a username/password to access anything. I believe it has to do with htaaccess (?) but I’m not 100% sure. It could also be the tip to password protect the admin directory applied to the wrong directory? I’ve been searching the Enfold support docs but I can’t seem to find exactly what I’m looking for. Can someone please help with this?

    November 4, 2018 at 6:25 am #1029572
    Rikard

    Hey educatedathlete,

    Did you try removing what you added to the htaccess file?

    Best regards,
    Rikard

    November 4, 2018 at 12:24 pm #1029601
    Guenni007

    did you generate a htpasswd?
    Is the complet page not available or only the wp-login page of your page?

    Some guys like to password protect the Admin Area serverside. so that you have to enter a password before you can access the normal WP access.
    Here is some info about htpasswd ( same as htaccess it is an invisible file with a dot in front: .htaccess and .htpasswd )
    http://www.htaccesstools.com/articles/htpasswd/
    The Protection then is an entry in htacces file like:

    # Auth protect wp-login.php
<Files wp-login.php>
  AuthName "Restricted Admin-Area"
  AuthType Basic
  AuthUserFile /is/htdocs/wp1234567_EJ5MMWZBH6/www/.htpasswd
  Require valid-user
</Files>

# Deny access to important files
<FilesMatch "(\.htaccess|\.htpasswd)">
  Order deny,allow
  Deny from all
</FilesMatch>

    you have to know the absolute path to the htpasswd to set this.
    That’s a good thing, but annoying when logging into the WordPress backend.
    But the advantage is that the attempts to hack into your admin area using a bot are already blocked on the server side, so that the brute force attack does not affect your site performance.

    November 4, 2018 at 12:29 pm #1029603
    educatedathlete

    Hey Guenni007,

    Thank you so much for this response. I will read up on it and shoot back if I have any more questions. I spoke to my hosting provider and resolved the issue with them ( I meant to update this post to say it could be closed but just forgot, my apologies).
    Thanks again!

    November 4, 2018 at 12:37 pm #1029605
    Guenni007

    Ok – the one thing that is neccessary for wordpress itself is something like this :

    # BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
…  things WP need for example to set up permalink structure etc …
</IfModule>
# END WordPress

    Everything else can be useful but is not necessary.

    i use the htaccess file often to set up gzip or expiration date etc. for WordPress files.
    or to redirect old page path to new ones (301 redirect instructions)

    November 5, 2018 at 4:26 am #1029739
    Rikard

    Hi,

    Thanks for helping out @guenni007, please let us know if you should need any further help on the topic @educatedathlete.

    Best regards,
    Rikard

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.