H
by Daniel Westermann-Clark
5 (1 reviews)
HTTP Authentication
Use an external authentication source in WordPress.
Tested up to WP 6.5 (Current: 6.9)
v4.6
Current Version v4.6
Updated 1 year ago
Last Update on 24 Apr, 2024
Synced 7 hours ago
Last Synced on
Rank
#8,680
-7 this week
Active Installs
600+
-9.6%
KW Avg Position
N/A
—
No change
Downloads
50.1K
+2 today
Support Resolved
0%
—
No change
Rating
100%
Review 5 out of 5
5
(1 reviews)
Next Milestone 700
600+
700+
269
Ranks to Climb
-
Growth Needed
8,000,000
Active Installs
Pro
Unlock Exact Install Count
See the precise estimated active installs for this plugin, calculated from real-time ranking data.
- Exact install estimates within tiers
- Track install growth over time
- Milestone progress predictions
Need 52 more installs to reach 700+
Rank Changes
Current
#8,680
Change
Best
#
Downloads Growth
Downloads
Growth
Peak
Upgrade to Pro
Unlock 30-day, 90-day, and yearly download history charts with a Pro subscription.
Upgrade NowReviews & Ratings
5.0
1 reviews
Overall
100%
5
1
(100%)
4
0
(0%)
3
0
(0%)
2
0
(0%)
1
0
(0%)
Tracked Keywords
Showing 0 of 0| Keyword | Position | Change | Type | Updated |
|---|---|---|---|---|
| No keyword data available yet. | ||||
Unlock Keyword Analytics
Track keyword rankings, search positions, and discover new ranking opportunities with a Pro subscription.
- Full keyword position tracking
- Historical ranking data
- Competitor keyword analysis
Track This Plugin
Get detailed analytics, keyword tracking, and position alerts delivered to your inbox.
Start Tracking FreePlugin Details
- Version
- 4.6
- Last Updated
- Apr 24, 2024
- Requires WP
- 3.1+
- Tested Up To
- 6.5
- PHP Version
- N/A
- Author
- Daniel Westermann-Clark
Support & Rating
- Rating
- ★ ★ ★ ★ ★ 5
- Reviews
- 1
- Support Threads
- 0
- Resolved
- 0%
Keywords
Upgrade to Pro
Unlock keyword rankings, search positions, and detailed analytics with a Pro subscription.
Upgrade NowSimilar Plugins
WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer
7K+ installs
#2,736
Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations
40K+ installs
#929
Anti-Malware Security and Brute-Force Firewall
100K+ installs
#295
WPS Limit Login
100K+ installs
#309
reCaptcha by BestWebSoft
100K+ installs
#316
Frequently Asked Questions
Common questions about HTTP Authentication
Any authentication mechanism which sets the REMOTE_USER (or REDIRECT_REMOTE_USER, in the case of ScriptAlias'd PHP-as-CGI) environment variable can be used in conjunction with this plugin. Examples include Apache's mod_auth and mod_auth_ldap.
This depends on your hosting environment and your means of authentication. Many Apache installations allow configuration of authentication via .htaccess files, while some do not. Try adding the following to your blog's top-level .htaccess file: AuthName "WordPress" AuthType Basic AuthUserFile /path/to/passwords Require user dwc (You may also want to protect your xmlrpc.php file, which uses separate authentication code.) Then, create another .htaccess file in your wp-admin directory with the following contents: AuthName "WordPress" AuthType Basic AuthUserFile /path/to/passwords Require user dwc In both files, be sure to set /path/to/passwords to the location of your password file. For more information on creating this file, see below.
See Apache's HOWTO: Authentication, Authorization, and Access Control.
This plugin doesn't actually authenticate users. It simply feeds WordPress the name of a user who has successfully authenticated through Apache. To determine the username, this plugin uses the REMOTE_USER or the REDIRECT_REMOTE_USER environment variable, which is set by many Apache authentication modules. If someone can find a way to spoof this value, this plugin is not guaranteed to be secure. By default, this plugin generates a random password each time you create a user or edit an existing user's profile. However, since this plugin requires an external authentication mechanism, this password is not requested by WordPress. Generating a random password helps protect accounts, preventing one authorized user from pretending to be another.
Because this plugin generates a random password when you create a new user or edit an existing user's profile, you will most likely have to reset each user's password if you disable this plugin. WordPress provides a link for requesting a new password on the login screen. Also, you should leave the admin user as a fallback, i.e. create a new account to use with this plugin. As long as you don't edit the admin profile, WordPress will store the password set when you installed WordPress. In the worst case scenario, you may have to use phpMyAdmin or the MySQL command line to reset a user's password.
Yes. You can authenticate some users via an external, single sign-on system and other users via the built-in username and password combination. (Note: When mixed authentication is in use, this plugin does not scramble passwords as described above.)
AuthName "Shibboleth" AuthType Shibboleth Require Shibboleth This enables Shibboleth authentication in "passive" mode. Then, in WordPress: Set the plugin to allow WordPress authentication. Configure the login URI to match your Shibboleth system. For example, if your blog is hosted at http://example.com/, then your login URI should be http://example.com/Shibboleth.sso/Login?target=%redirect_encoded%. Configure the logout URI to match your Shibboleth system. Following the above example, your logout URI would be http://example.com/Shibboleth.sso/Logout?return=%redirect_encoded%. After saving the options, authentication will work as follows: If a user is already authenticated via Shibboleth, and he or she exists in the WordPress database, this plugin will log them in automatically. If a user is not authenticated via Shibboleth, the plugin will present the standard WordPress login form with an additional link to login via Shibboleth. Other authentication systems (particularly those without a login or logout URI) will need to be configured differently.
Yes, you can enable this plugin across a network or on individual sites. However, options will need to be set on individual sites. If you have suggestions on how to improve network support, please submit a comment.
If you have a WordPress site with multiple environments (e.g. dev.example.com, test.example.com, and example.com) you can use additional variables in the login and logout URIs: %host% - The current value of $_SERVER['HTTP_HOST'] %base% - The base domain URL (everything before the path) %site% - The WordPress home URI %redirect% - The return URI provided by WordPress You can also use %host_encoded%, %site_encoded%, and %redirect_encoded% for URL-encoded values. For example, your login URI could be: https://%host%/Shibboleth.sso/Login?target=%redirect_encoded% This would be modified for each environment as appropriate.