-
AuthorPosts
-
November 3, 2018 at 6:44 pm #1029508
Hello,
I was following a list of tips for securing your website in 2018 found here: https://www.wpbeginner.com/wordpress-security/ and now my site requires a username/password to access anything. I believe it has to do with htaaccess (?) but I’m not 100% sure. It could also be the tip to password protect the admin directory applied to the wrong directory? I’ve been searching the Enfold support docs but I can’t seem to find exactly what I’m looking for. Can someone please help with this?- This topic was modified 6 years, 1 month ago by educatedathlete.
November 4, 2018 at 6:25 am #1029572Hey educatedathlete,
Did you try removing what you added to the htaccess file?
Best regards,
RikardNovember 4, 2018 at 12:24 pm #1029601did you generate a htpasswd?
Is the complet page not available or only the wp-login page of your page?Some guys like to password protect the Admin Area serverside. so that you have to enter a password before you can access the normal WP access.
Here is some info about htpasswd ( same as htaccess it is an invisible file with a dot in front: .htaccess and .htpasswd )
http://www.htaccesstools.com/articles/htpasswd/
The Protection then is an entry in htacces file like:# Auth protect wp-login.php <Files wp-login.php> AuthName "Restricted Admin-Area" AuthType Basic AuthUserFile /is/htdocs/wp1234567_EJ5MMWZBH6/www/.htpasswd Require valid-user </Files> # Deny access to important files <FilesMatch "(\.htaccess|\.htpasswd)"> Order deny,allow Deny from all </FilesMatch>
you have to know the absolute path to the htpasswd to set this.
That’s a good thing, but annoying when logging into the WordPress backend.
But the advantage is that the attempts to hack into your admin area using a bot are already blocked on the server side, so that the brute force attack does not affect your site performance.November 4, 2018 at 12:29 pm #1029603Hey Guenni007,
Thank you so much for this response. I will read up on it and shoot back if I have any more questions. I spoke to my hosting provider and resolved the issue with them ( I meant to update this post to say it could be closed but just forgot, my apologies).
Thanks again!November 4, 2018 at 12:37 pm #1029605Ok – the one thing that is neccessary for wordpress itself is something like this :
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On … things WP need for example to set up permalink structure etc … </IfModule> # END WordPress
Everything else can be useful but is not necessary.
i use the htaccess file often to set up gzip or expiration date etc. for WordPress files.
or to redirect old page path to new ones (301 redirect instructions)November 5, 2018 at 4:26 am #1029739Hi,
Thanks for helping out @guenni007, please let us know if you should need any further help on the topic @educatedathlete.
Best regards,
Rikard -
AuthorPosts
- You must be logged in to reply to this topic.