$conf, $runtime; function_exists('chdir') AND chdir(APP_PATH); $r = 'mysql' == $conf['cache']['type'] ? website_set('runtime', $runtime) : cache_set('runtime', $runtime); } function runtime_truncate() { global $conf; 'mysql' == $conf['cache']['type'] ? website_set('runtime', '') : cache_delete('runtime'); } register_shutdown_function('runtime_save'); ?>admin - How to enforce authentication for all resources?|Programmer puzzle solving

Programmer puzzle solving

    最新消息:Welcome to the puzzle paradise for programmers! Here, a well-designed puzzle awaits you. From code logic puzzles to algorithmic challenges, each level is closely centered on the programmer's expertise and skills. Whether you're a novice programmer or an experienced tech guru, you'll find your own challenges on this site. In the process of solving puzzles, you can not only exercise your thinking skills, but also deepen your understanding and application of programming knowledge. Come to start this puzzle journey full of wisdom and challenges, with many programmers to compete with each other and show your programming wisdom! Translated with DeepL.com (free version)
    你的位置: HOME>matter>admin - How to enforce authentication for all resources?

    admin - How to enforce authentication for all resources?

    matteradmin10PV0评论

    I want to host a personal journal with wordpress. I don't want to share it with 3rd parties but I want to be able to access it from anywhere with my admin credentials. There are several plugins around which all do nothing but protect access to sites/posts - but everything else (/wp-content/ first and foremost) is still accessible without permissions.

    So what I basically want is a check like for /wp-admin is required for each resource on my blog. 

    ${SITE_URL}/.*

    I know that I could just add some .htaccess basic authentication. But I want to avoid that.

    I want to host a personal journal with wordpress. I don't want to share it with 3rd parties but I want to be able to access it from anywhere with my admin credentials. There are several plugins around which all do nothing but protect access to sites/posts - but everything else (/wp-content/ first and foremost) is still accessible without permissions.

    So what I basically want is a check like for /wp-admin is required for each resource on my blog. 

    ${SITE_URL}/.*

    I know that I could just add some .htaccess basic authentication. But I want to avoid that.

    • admin
    • authentication
    Share Improve this question edited Feb 18, 2019 at 9:04 Brettetete asked Feb 18, 2019 at 8:29 BretteteteBrettetete 1113 bronze badges 4
    • "I don't want to share it with the public" - what about running it locally? – birgire Commented Feb 18, 2019 at 8:46
    • @birgire - i don't want to share it with 3rd parties but want to be able to access it from everywhere with my admin credentials. – Brettetete Commented Feb 18, 2019 at 9:03
    • Do you want to serve your uploads from a non public folder through PHP with a WordPress login? – birgire Commented Feb 18, 2019 at 9:10
    • @birgire I basically just want to add the auth_redirect() function before accessing /wp-content/* – Brettetete Commented Feb 18, 2019 at 13:05
    Add a comment  | 

    1 Answer 1

    Reset to default 0

    You should define which resources you want to protect. I think you have such choices:

    1) Protect whole site

    2) Protect only posts (without resources)

    3) Protect posts & all resources (but only uploads, not wp-content! otherwise you will break your themes/plugins)

    So, as you say you need 3rd way. In such case, you should use htaccess cookie-based redirection:

    • Create htaccess in wp-content/uploads which restricts access to all urls there for users who doesn't have a cookie "cookie_name" set to value i.e. 'xyz':

      RewriteEngine On RewriteCond %{HTTP_COOKIE} !cookie_name=xyz; [NC] RewriteRule ^ https://your_site/authorization-page [NC,L]

    • Create authorization-page where should be a form to insert a password (set whatever you want) and if user correctly enters password, then set cookie cookie_name to xyz.

    p.s. just replace xyz and cookie_name with very random characters.

    Articles related to this article

    Post a comment

    comment list (0)

    1. No comments so far