Htpasswd rule change

So today I created a new subdir on one of my sites and wanted to protect it with Username/Password. In the subdir I created a .htaccess file pointing to an existing $HOME/.htpasswd/[name] file. All of a sudden all of my sites/web pages required me to Sign In. Along with the rest of the world. After about an hour the DH tech moved my ~/.htpasswd to .htpasswd_old and all was right - except now none of my subdir files know how to let me in. So, I move the .htpasswd_old to ~/bin/.htpasswd and edited the half dozen subdir/.htaccess file by inserting “/bin” at the proper place and life is good again.

So, I’m saying, someone, fixed what wasn’t broken - a .htpasswd file in the home/login dir now applies to DA WORLD!

I’ve found it easier to just let DH protect directories via:

1 Like

Hadn’t seen that before, tried it, it works. I have a minor problem (founded/unfounded) in that it installs .htaccess and .htpasswd files in said subdir. I prefer to make things as hard as possible for hackers. ie. not having the htpasswd file in the same dir. - ya, I know httpd.conf says nobody can web read those files - until they can …

I would prefer to have files like that in a subdir named after - my first girlfriend, second cat, backup2002. I host a 3d party package where the “admin” subdir can be changed to … “nancy”? and the config.php file changed to foo4.php.

That said, I don’t host any WP pages. Why? because yesterday I had the following in my logs:|wp-login.php||/wp-login.php||/wp-login.php||/wp-login.php||/wp-login.php|

So, try to change “admin”, “wp-login.php” etc to “nancy” (et-al) - you can’t. - So I digress. Back to my orig. problem. The recent upgrade did something that if you add a Username/Passwd in a new subdir and .htpasswd (from wayyy back when) is in the $HOME dir - every dir under there requires Login. Just the way I swing, and ya I understand the next person thinks differently. So I’ll be moving the new .htaccess file to [take a wild guess].

C’est La Vie

1 Like