HOWTO: Harden your WordPress wp-admin using password protection

Although wp-admin is already protected by login/password authentication, this post shows how to add an additional layer of security.

The second layer uses an .htpasswd file together with HTTP Basic authentication.

Create the .htpasswd file

Use the htpasswd command on Linux or OS X to create an .htpasswd file. The command to execute is shown below.

$ htpasswd -c .htpasswd mydemouser 
New password: 
Re-type new password: 
Adding password for user mydemouser

A file named .htpasswd is created in the current directory.

$ cat .htpasswd
mydemouser:$apr1$60sgQzdr$C.APpTFtRyjJfpcwQsJB/.

Changes on server hosting WordPress site

1. Copy the .htpasswd file to a directory that’s outside the wp-admin directory

Suggested Directory: /home10/mydemouser/.htpasswds/public_html/wp-admin/passwd/

Change the directory as per your site deployment.

2. Create a .htaccess file in the ~/public_html/wp-admin directory and include the following:

AuthName "Restricted Access"
AuthUserFile /home10/mydemouser/.htpasswds/public_html/wp-admin/passwd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user mydemouser

3. Access the wp-admin page and confirm that an authentication popup window appears. If the page fails with a "too many redirects" error, proceed with the next step.

Stop too many redirects error

4. Edit the .htaccess under ~/public_html and add the following line before WordPress rules start

ErrorDocument 401 default

That’s it – double layer authentication should now be active.
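
To check the result of steps 1 and 2, the following Python script (an added example, not part of the original post) reports which hash scheme each .htpasswd entry uses and whether AuthUserFile points inside the web-served tree. The function names are made up for this example, and DOCROOT assumes that ~/public_html expands to /home10/mydemouser/public_html.

```python
import posixpath
import re

# Constructed sample inputs: the .htpasswd line and AuthUserFile path shown on this page.
HTPASSWD = "mydemouser:$apr1$60sgQzdr$C.APpTFtRyjJfpcwQsJB/.\n"
HTACCESS = """AuthName "Restricted Access"
AuthUserFile /home10/mydemouser/.htpasswds/public_html/wp-admin/passwd/.htpasswd
AuthType basic
require user mydemouser
"""
DOCROOT = "/home10/mydemouser/public_html"  # assumption: what ~/public_html expands to


def classify(hash_field):
    """Map an htpasswd hash field to (scheme, verdict)."""
    if re.match(r"^\$2[aby]\$\d\d\$", hash_field):
        return "bcrypt", "ok"
    if hash_field.startswith("$apr1$"):
        return "apr1-md5", "upgrade"      # salted MD5, 1000 rounds; htpasswd -B gives bcrypt
    if hash_field.startswith("{SHA}"):
        return "sha1", "insecure"         # unsalted SHA-1
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hash_field):
        return "crypt", "insecure"        # traditional DES crypt()
    return "unknown", "review"


def audit_htpasswd(text):
    """Return [(user, scheme, verdict)] for every entry in an .htpasswd file."""
    rows = []
    for line in text.splitlines():
        user, sep, hash_field = line.strip().partition(":")
        if sep and not user.startswith("#"):
            rows.append((user, *classify(hash_field)))
    return rows


def auth_file_exposed(htaccess_text, docroot):
    """True if AuthUserFile points inside the web-served tree."""
    m = re.search(r"^\s*AuthUserFile\s+\"?([^\"\n]+)\"?\s*$", htaccess_text, re.M | re.I)
    if not m:
        raise ValueError("no AuthUserFile directive found")
    path = posixpath.normpath(m.group(1).strip())   # collapses ../ but does not follow symlinks
    root = posixpath.normpath(docroot)
    return path == root or path.startswith(root + "/")


if __name__ == "__main__":
    print(audit_htpasswd(HTPASSWD))
    print("exposed:", auth_file_exposed(HTACCESS, DOCROOT))
```

The entry created above is reported as apr1-md5; re-creating it with htpasswd -B stores a bcrypt hash instead.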

How to fix Admin Ajax issue

If wp-admin is password protected, the front-end AJAX functionality (if it is being used) will break. To fix this issue, follow the steps below.

1. Edit the .htaccess file in the ~/public_html/wp-admin folder and add the following code to the file.

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

How to enable SSH on a LinkStation – LS-X1.0TLJ

1. Download acp_commander.jar (google around to find the JAR).
2. Assuming the IP of your LinkStation is 10.0.1.60, run the commands below.
3. _ADMIN_PASSWORD_ is the same password that you use with the admin ID on the LinkStation HTTP/HTTPS URL.
4. _ROOT_PASSWORD_ is the new root password you want to set.

java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.10 -pw _ADMIN_PASSWORD_ -c "ls /"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "(echo _ROOT_PASSWORD_;echo _ROOT_PASSWORD_)|passwd"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "sed -i 's/UsePAM yes/UsePAM no/g' /etc/sshd_config"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/sshd_config"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "/etc/init.d/sshd.sh restart"