Additional Wordpress security measure?

July 8, 2014 2.2k views

When logging into the /wp-admin console in my wordpress site, it now asks for additional credentials.

<img src="https://lh6.googleusercontent.com/-GncCO3Byjs4/U7s9lpMKZoI/AAAAAAAAD2M/tqoUX4H5GBg/w390-h216-no/Screen+Shot+2014-07-07+at+1.22.45+PM.png">

I have been at it all day granting extended permissions, reviewing php, and everything looks normal. In one of the forums I came across it mentioned asking the hosting provider as this is a common layer of additional security. I can't think of any other reason for it. Can anyone educate me about this phenomenon?

Thanks,
-Chris

5 Answers

Hi,

Did you use the one click instance of WordPress for the droplet? This is a common issue if you don't complete all the steps of the guide.

Hi turgenevsaya,

Actually, I migrated it from another server in which is was fully functional.

Would you suggest I go back through the one-click guide and see if that works out? I'm also hoping someone will tell me how this happens. Is it a permission that needs to be granted? or something in a config file I need to look at?

Thanks,
-Chris

I would run through it if you used it before. Although snapshots theoretically restore all settings there are sometimes the one-off chance that something isn't migrated properly, I've had it happen myself.

The credentials for logging into the admin page are shown on the command line when you first connect to your droplet. If you'd like to remove the extra layer of security, edit your Apache configuration:

nano /etc/apache2/apache2.conf

Then remove or comment out this section:

<DirectoryMatch ^.*/wp-admin/>
    AuthType Basic
    AuthName "Please login to your droplet via SSH for login details."
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</DirectoryMatch>

For more details, see this tutorial:

One-Click Install WordPress on Ubuntu 14.04 with DigitalOcean

Have another answer? Share your knowledge.