Erik’s Brain

The reward of a thing well done...

Issues With WordPress and HTTP Authentication

Quite some time ago, but WordPress blog was hacked. I managed to clean everything up and get things working again thankfully. One measure to help secure it in the future was to password protect the wp-admin area with an .htaccess file. Now it seems that this is causing problems for visitors because anyone who comes to my site is asked to enter a username and password. If they land on the main index, a page within the blog, or a specific post in the blog, they are asked to log in. Each time they nav to a new page. They can simply hit CANCEL to move on, but this is a really horrible user experience.

I think this started happening due to a recent WordPress upgrade, but I can’t be sure. I also can’t figure out how to keep visitors from seeing this, which is all I care about. Disabling the stupid WordPress admin bar only gets rid of one of the log in panels. Yes, that’s right, my blog was asking people to log in twice on each page.

This is really annoying and I hope I can update this post soon with a solution.

Later…

Still no luck. But it seems like trying to hide the admin section behind HTTP auth is a waste of time anyway. I don’t know how long it’s been like this, but in Chrome and Firefox, if you try to access my “protected” admin log in screen and don’t enter the correct password, you still get the WordPress log in screen. It’s just play, un-styled HTML. Awesome. A total waste of time.

Comments