help for htaccess password protection on WP multisite

Forum Moderators: phranque

Message Too Old, No Replies

help for htaccess password protection on WP multisite

alexod

9:05 pm on May 20, 2016 (gmt 0)

Hi friends!

I have the following .htaccess:

RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

It's a MultySite Wordpress script

Today i decided to add password protection to my wp-login.php file and understand that the code that i usually use on other my site don't work here

AuthUserFile /home2/pathname/.htpasswd
AuthGroupFile /dev/null
AuthName "Restricted Access"
AuthType Basic
<limit GET>
equire valid-user
</Limit>

any advice will be appreciated !

lucy24

9:20 pm on May 20, 2016 (gmt 0)

RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]

Gee, I hope you've got a RewriteBase directive earlier. But it's safer to put an explicit / at the front of each target.

Why are you messing with the URL of things like wp-admin? Isn't that strictly for your own use anyway?
</tangent>

AuthUserFile /home2/pathname/.htpasswd

What's the ServerRoot defined as? You're asking about things in htaccess, but do you in fact have access to the config file? If you do, then anything even remotely sensitive should go there rather than in htaccess.