Ramblings on technology with a dash of social commentary
  • How to fix WordPress wp-admin htpasswd redirect loop

    Posted on August 6th, 2014 by phpguru

    If you want a quick and easy way to boost the security of your WordPress blogs, one thing you can do is to place a password on your wp-admin directory. cPanel enables this in a moment through its “Password Protect Directories” feature.

    To password protect the directory, follow these simple steps.

    1. Click Password Protect Directories
    2. Navigate to public_html by clicking on the folder ICON
    3. Click the folder name link (NOT the icon) for the wp-admin directory
    4. In the dialog, enter a username and password and save the details under the User portion
    5. In the dialog, choose to Enable Protection and give it a name, like ‘Top Secret – No Entry’
    6. Save it and then in another browser tab, navigate to yoursite.com/wp-admin

    Now if you’re like me, your wp-admin is broken with a message, “The page has caused a redirect loop.”

    You google something like wp-admin htpasswd redirect loop and find suggestions on how to fix it in blog posts like this or that, but when you ask your web host about it, they don’t let you modify the httpd.conf config file.

    What to do?

    It turns out the answer is simple: you just need to edit your .htaccess file and add the following line at the top. It tells Apache to send its built-in 401 response instead of a custom error page.

    ErrorDocument 401 default

    If you followed the steps above, the cPanel interface created an .htaccess file for you automatically. Go to the file editor feature within cPanel, find this new file inside the wp-admin directory, and click edit. Paste the line at the top, save it, and refresh wp-admin. You should now see a dialog asking for your username and password, the one you set at step 4 above. The final .htaccess file, including the password protection we added, should look like this when you’re done:

    ErrorDocument 401 default
    AuthType Basic
    AuthName "Top Secret - No Entry"
    AuthUserFile "/home/yourusername/.htpasswds/public_html/wp-admin/passwd"
    require valid-user

    Note: do not edit the path for the AuthUserFile; it will be unique to your account and cPanel configuration. This adds a second layer of protection in front of your wp-admin directory, in addition to your existing WordPress administrator username and password.
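
    If you have shell access, the same edit can be scripted so it is safe to run more than once. This is an added example, not part of the original post: ensure_401_default and missing_auth are hypothetical helper names, and the sample .htaccess in the demo is constructed from the directives shown above.

```shell
#!/bin/sh
# Added example, not from the original post. The sample .htaccess in the demo
# is constructed from the directives shown in the post.
PAT_ANY='^[[:space:]]*ErrorDocument[[:space:]]+401([[:space:]]|$)'
PAT_OK='^ErrorDocument 401 default[[:space:]]*$'

# ensure_401_default FILE: make "ErrorDocument 401 default" the first line and
# drop any other ErrorDocument 401 line. Prints "changed" or "unchanged".
ensure_401_default() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    total=$(grep -Eic "$PAT_ANY" "$f" || true)     # count of 401 handlers
    if [ "$total" = 1 ] && head -n 1 "$f" | grep -Eq "$PAT_OK"; then
        echo unchanged; return 0
    fi
    cp -p "$f" "$f.bak"                            # keep a copy for rollback
    { echo 'ErrorDocument 401 default'
      grep -Eiv "$PAT_ANY" "$f.bak" || true; } > "$f"
    echo changed
}

# missing_auth FILE: print the name of each Basic-auth directive the file
# lacks. No output means the password protection block is complete.
missing_auth() {
    for d in 'AuthType[[:space:]]+Basic' 'AuthName[[:space:]]' \
             'AuthUserFile[[:space:]]' 'Require[[:space:]]+valid-user'; do
        grep -Eiq "^[[:space:]]*$d" "$1" || echo "${d%%\[*}"
    done
}

# Demo on a constructed file: what cPanel generates, before the fix.
demo_dir=$(mktemp -d)
cat > "$demo_dir/.htaccess" <<'EOF'
AuthType Basic
AuthName "Top Secret - No Entry"
AuthUserFile "/home/yourusername/.htpasswds/public_html/wp-admin/passwd"
require valid-user
EOF
ensure_401_default "$demo_dir/.htaccess"   # prints: changed
ensure_401_default "$demo_dir/.htaccess"   # prints: unchanged
missing_auth "$demo_dir/.htaccess"         # prints nothing
```

    On a real site, point both functions at the .htaccess inside wp-admin; the previous version is kept beside it as .htaccess.bak.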
