我有一个httpd服务器和WordPress网站。我一直在用户访问我的域时将/.htaccess 设置为身份验证。但是,我想在没有身份验证的情况下直接访问mydomain/wp-admin。这是我的文件.htaccess,但不起作用:
SetEnvIfNoCase Request_URI "^wp-admin.php" noauth
AuthType Basic
AuthName "Please login"
AuthUserFile /etc/httpd/.htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Allow from env=noauth
Satisfy any
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
如果您想在没有密码的情况下登录,可以,但您仍然需要用户名,因为您必须设置身份验证cookie才能进行身份验证。
将以下代码放置到函数.php文件
function admin_login($user, $username, $password) {
$user = get_user_by("login", $username);
if($user != "FALSE")
{
wp_set_auth_cookie($user->ID);
}
else
{
return null;
}
return $user;
}
function hide_password_field()
{
?>
<style type="text/css">
body.login div#login form#loginform p:nth-child(2) {
display: none;
}
</style>
<?php
}
add_filter("authenticate", "admin_login", 10, 3);
add_action("login_head", "hide_password_field");
现在,如果您转到wp-admin,它将仅要求您输入用户名并让您登录。
我修复了,但它似乎并不完全符合我的目标。普通用户在访问mydomain/时必须输入凭据,然后管理员用户才能直接访问mydomain/wp-admin。但是,在为WordPress输入正确的用户/密码后,我们收到了来自mydomain的弹出式身份验证。它是如何工作的?给我一些解决方案。
[ec2-user@ip-10-0-1-61 cms]$ sudo vi .htaccess
RewriteEngine On
# Do the regex check against the URI here, if match, set the "require_auth" var
SetEnvIf Request_URI ^/wp-admin|^/wp-login require_auth=true
# Auth stuff
AuthUserFile /etc/httpd/.htpasswd
AuthName "Password Protected!!!"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=require_auth
RewriteCond %{REQUEST_URI} ^/wp-admin|^wp-login
RewriteCond %{REMOTE_ADDR} !=x.x.x.x
RewriteCond %{REMOTE_ADDR} !=x.x.x.x
RewriteCond %{REMOTE_ADDR} !=x.x.x.x
RewriteRule ^(.*)$ - [R=403,L]