This plugin breaks Plesk passwording of directories

  • Resolved wildmice

    (@wildmice)


    7 years, 6 months ago

    You can imagine my surprise when i discovered that a security plugin was creating a security problem ??

    Usually we password sites while working on them, and i guess this is the first time we’ve set up this plugin before removing the passwording. In any case, as soon as the plugin is activated (actually, as soon as plugin data is written to htaccess) the Plesk password-protected directories feature stops working, leaving the site wide open to the public. Not good.

    Sorry, i can’t give you the site URL, for obvious reasons. In case it matters, the site is https and HTTP/2 with redirect from http to https.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Thank you for reporting this issue. The plugin developers will further investigate your findings.

    Kind regards.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @wildmice,
    Since I don’t use Plesk I am not 100% sure why you are seeing that behaviour.
    When you say you password protected your site using Plesk, is the password protection mechanism done via .htaccess directives?

    Thread Starter wildmice

    (@wildmice)

    Hi. I’ve not been able to find any details about how this is implemented in Plesk (using Plesk 12.5). I’m guessing that it’s done in server config settings, rather than htaccess, as i’ve never seen anything set by it in htaccess.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    The reason I asked about .htaccess is because you mentioned the following:

    …..as soon as plugin data is written to htaccess… the Plesk password-protected directories feature stops working

    So does that mean that your pw protection feature still works when no data is written to the .htaccess by aiowps plugin?
    Have you tried some tests such as disabling/enabling aiowps features to see which may be causing your issue?

    If the password protection feature of your srver is not done via .htaccess then my gut feeling is that it’s highly unlikely that the above statement would be an accurate description of the cause of the issue.
    I think you should ask your host support people to explain how the password protection works and explain to them the behaviour you are seeing with this plugin. They might be able to help us understand what is going on.

    • This reply was modified 7 years, 5 months ago by wpsolutions.
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘This plugin breaks Plesk passwording of directories’ is closed to new replies.