Question

Additional Wordpress security measure?

Posted July 8, 2014 3.8k views

When logging into the /wp-admin console in my wordpress site, it now asks for additional credentials.

<img src=“https://lh6.googleusercontent.com/-GncCO3Byjs4/U7s9lpMKZoI/AAAAAAAAD2M/tqoUX4H5GBg/w390-h216-no/Screen+Shot+2014-07-07+at+1.22.45+PM.png”>

I have been at it all day granting extended permissions, reviewing php, and everything looks normal. In one of the forums I came across it mentioned asking the hosting provider as this is a common layer of additional security. I can’t think of any other reason for it. Can anyone educate me about this phenomenon?

Thanks,
-Chris

Add a comment
ChristopherJones72521
By:
ChristopherJones72521

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
5 answers
turgenevskaya July 8, 2014

Hi,

Did you use the one click instance of WordPress for the droplet? This is a common issue if you don’t complete all the steps of the guide.

Reply Report
ChristopherJones72521 July 8, 2014

Hi turgenevsaya,

Actually, I migrated it from another server in which is was fully functional.

Would you suggest I go back through the one-click guide and see if that works out? I’m also hoping someone will tell me how this happens. Is it a permission that needs to be granted? or something in a config file I need to look at?

Thanks,
-Chris

Reply Report
turgenevskaya July 8, 2014

I would run through it if you used it before. Although snapshots theoretically restore all settings there are sometimes the one-off chance that something isn’t migrated properly, I’ve had it happen myself.

Reply Report
ChristopherJones72521 July 8, 2014

Wow, I see now. Thank you!

Reply Report
asb July 8, 2014

The credentials for logging into the admin page are shown on the command line when you first connect to your droplet. If you’d like to remove the extra layer of security, edit your Apache configuration:

nano /etc/apache2/apache2.conf

Then remove or comment out this section:

<DirectoryMatch ^.*/wp-admin/>
    AuthType Basic
    AuthName "Please login to your droplet via SSH for login details."
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</DirectoryMatch>

For more details, see this tutorial:

One-Click Install WordPress on Ubuntu 14.04 with DigitalOcean

Reply Report

Looking for something else?

Ask a new question Search for more help