Ramblings on technology with a dash of social commentary
RSS icon Email icon Home icon
  • How to fix WordPress wp-admin htpasswd redirect loop

    Posted on August 6th, 2014 phpguru No comments

    If you want a quick and easy way to boost the security of your WordPress blogs, a simple, fast and easy thing you can do is to place a password on your wp-admin directory. CPanel enables this in a moment, just by going to the “Password Protect Directories” feature within CPanel.

    Password protecting directories works following these simple steps.

    1. Click Password Protect Directories
    2. Navigate to public_html by clicking on the folder ICON
    3. Click the folder name link (NOT the icon) for wp-admin directory
    4. In the dialog, enter a username and password and save the details under the User portion
    5. In the dialog, choose to Enable Protection and give it a name, like ‘Top Secret – No Entry’
    6. Save it and then in another browser tab, navigate to yoursite.com/wp-admin

    Now if you’re like me, your wp-admin is broken with a message, “The page has caused a redirect loop”

    You google something like wp-admin htpasswd redirect loop, and find suggestions how to fix it… and find some blog posts like this or that, but you ask your web host about it, and they don’t let you modify httpd.conf config file.

    What to do?

    It turns out the answer is simple, you just need to edit your .htaccess file and add the following line at the top.

    ErrorDocument 401 default

    If you followed the steps above, the CPanel interface created an .htaccess file for you automatically. Go to the file editor feature within CPanel now, and find this new file inside the wp-admin directory, and click edit. Paste the line at the top, save it, refresh wp-admin, and you should be now seeing a dialog asking for your username and password — the one you set at step 4 above. The final .htaccess file including the password protection we added should look like this when you’re done:

    ErrorDocument 401 default
    AuthType Basic
    AuthName "Top Secret - No Entry"
    AuthUserFile "/home/yourusername/.htpasswds/public_html/wp-admin/passwd"
    require valid-user

    Note, do not edit the path for the AuthUserFile – it will be unique to your account and CPanel configuration. This adds a 2nd layer of protection in front of your wp-admin directory in addition to your existing WordPress administrator username and password.

  • Face Facebook Sharing Security Head On

    Posted on August 31st, 2011 phpguru No comments

    Sharing Policies on Facebook just got an upgrade. I thought you might like to see the new enhancements.

    1. Say who your with. Right off the bat, you can select the friends you want to be involved with a particular stream or conversation.

    2. Add Location to your posts. You can now define places where your conversation has relevance.

    3. Control privacy when you post – or after. If you realize a conversation might be better kept between certain people, you can now change the way your wall posts are published during or after the conversation starts.

    Visit this page on the Facebook.com Help pages For a more in-depth look at how to use Facebook’s newer, more secure sharing features.