开发者 | jesin |
---|---|
更新时间 | 2017年11月25日 22:25 |
PHP版本: | 3.1.0 及以上 |
WordPress版本: | 4.9 |
版权: | GPLv2 or later |
版权网址: | 版权信息 |
.htaccess
file
SetEnvIfNoCase ^Authorization$ "(.+)" PHP_AUTH_DIGEST=$1
Advantages of HTTP Digest Authentication
The BA (Basic Authentication) mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with BASE64 in transit, but not encrypted or hashed in any way.
http-digest-auth
folder to the /wp-content/plugins/
directory.Users > Your Profile
page.When you access the wp-login.php page a portion of the realm is generated and stored in a session variable so the realm looks like "HTTP Auth Session MTM4MTc0NzU3OQ=="\ When you logout of WordPress this session variable is deleted and a new realm is generated, hence the browser prompts you for credentials.
The username is stored in the wp_usermeta
table in plain-text. The password is stored in a two-way encryption format in the same table. It is encrypted and decrypted with the mcrypt_encrypt() and mcrypt_decrypt() functions.
That means your PHP installation doesn't have the mcrypt extension. To check if this is the case go to your <?php phpinfo(); ?>
and check if there is a section called mcrypt. If there isn't one in your VPS/Dedicated server install it
on Debian/Ubuntu
apt-get install php5-mcrypt
on Centos/Fedora
yum install php5-mcrypt
After installation change the password (or enter the same password in Your Profile) to encrypt it.
Shared hosting users needn't worry about this as any decent host should already have this installed.
You can find your username by executing the following MySQL query.
The password can be reset with the following querySELECT meta_value FROM
wp_usermetaWHERE meta_key = 'http-digest-auth_username' and user_id = (SELECT ID from wp_users where user_login = 'WordPress_Username');
Remember to replacewp_
with your actual database prefix andWordPress_Username
with your login name.
UPDATE
wp_usermetaSET meta_value = 'password' WHERE meta_key = 'http-digest-auth_password' and user_id = (SELECT ID from wp_users where user_login = 'admin');
This will set the HTTP password topassword
. Login and change it immediately.
By default if you access the wp-login.php page using your HTTP credentials, only YOUR WordPress username can login. This security measure can be disabled by ticking this option.
Deactivating this plugin doesn't affect the credentials but deleting the plugin erases all HTTP user credentials leaving no trace of it in the database.
line-height
styling on input boxes.htaccess
rules for FastCGI PHP