• Resolved Rolf

    (@rolinux)


    Hello,

    last year I installed htaccess to protect wp-admin against robots because there were many login trials every day.
    Yesterday I updated to WP 5.4. Now the htaccess password is required even if I only want to look at the homepage, not only when I start the WP backend.

    Rolf

Viewing 9 replies - 1 through 9 (of 9 total)
  • Hello,

    Try to open and view your .htaccess contents and remove any password protection that you don’t want and try restoring the contents of the file to the default from here: https://www.ads-software.com/support/article/htaccess/

    In case you installed a plugin to do this for you, you can disable it, make sure your site works without a password and re-enable it to reconfigure it.

    Stergos

    Thread Starter Rolf

    (@rolinux)

    Hello,

    thank you. But this didn’t work.

    I have no plugin installed for this htaccess. I installed it in the backend of my hoster.

    I uninstalled the htaccess in the backend of the hoster, then it worked. Also, I looked at the htaccess in the root directory of the homepage and I updated it to the default from the link you posted. Everything was ok, but no password when starting the WP backend.

    So I reinstalled the htaccess in the backend of the hoster. Now the htaccess is active again when I start the homepage. It’s like before, no change.

    I think that WP 5.4 accesses wp-admin differently from WP 5.3 and that’s why htaccess starts. If there is no other way, I must uninstall htaccess in wp-admin. But I would like to keep it.

    Rolf

    Thread Starter Rolf

    (@rolinux)

    It’s strange…
    It seems that the htaccess password is not really required but the window is shown. The homepage works even if I press “abbrechen” (escape).
    And this window only appears on my private computer (Firefox with Windows 10). And on the computer of a friend (FF with Windows 10).
    On the computer at work, this window doesn’t appear (tested Windows 10 with Firefox and IE). Also on my mobile phone (Android with Firefox) the htaccess window doesn’t appear.
    As there are the same FF versions at work as at home, I can’t imagine what the problem may be.

    Maybe somebody has an idea?

    The only idea I have is to deactivate the FF plugins one after the other and to see what happens.

    But why did it work until WP 5.3? There was no update for FF or the FF plugins before I installed WP 5.4.

    Rolf

    Thread Starter Rolf

    (@rolinux)

    I have a solution:
    I installed a plugin named “rename wp login” and removed the htaccess.
    Now, I hope that no robot can find the backend login.

    Thanks for the assistance.

    Rolf

    Hello

    Same here (had the .htpasswd longer in fact).
    Since updating to 5.4, Firefox 75.0 ‘wants’ the .htpasswd login of the wp-admin folder when showing the website, and only FF; not IE nor Edge nor Vivaldi nor Chrome nor the mobile phone.

    I’d like to keep my htpasswd and I don’t want to install yet another plugin.
    I already added the ajax ‘allow’ to the .htaccess, so the file looks like

    AuthType Basic
    AuthName "XX"
    AuthUserFile /XXXXXXX/…/.htpasswd
    Require valid-user
    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
    </Files>

    Still the wp-admin login shows up while opening the website.

    Do I really have to do without this extra protection?

    Best regards
    Jürgen

    Thread Starter Rolf

    (@rolinux)

    Hello Jürgen,

    I installed the add-on that I mentioned in my last post and renamed the admin directory. Since then, no robots have attempted any further logins.
    So I no longer see any need for htaccess on my homepage, since the robots were the only reason for me to add additional password protection.

    Regards, and stay healthy
    Rolf

    Hello Rolf

    Sorry for my late reply (I kinda didn’t find the time which seems weird being mostly at home all the time ;-))

    I disabled (renamed, I will probably delete it later) the htaccess in the wp-admin folder. That did the trick. I sort of wanted to have one more login before the real login to prevent hacking, I guess. I do have good (128bits) passwords though.
    2 other websites I maintain are using some different plugins and there the htaccess will stay for the time being.

    And I will try the ‘rename wp login’-plugin (who can pick a lock not knowing where the door is, eh?).

    Thank you for your help and stay healthy

    Best regards
    Jürgen

    The topic is resolved for me.

    This seems to be related to no favicon being set for the site.
    When you don’t set up a ‘Site Icon’ in Customizer, WP loads its own logo from /wp-admin/images/w-logo-blue.png

    Naturally, if your /wp-admin/ directory is password protected, a password prompt appears on the frontend when the browser tries to load the default favicon.

    Why this doesn’t happen on Chrome and other Chromium based browsers (and they do show the WP logo favicon) is a mystery to me.

    I filed a bug report on this at https://core.trac.www.ads-software.com/ticket/50131
    The solution, for now, is to either set up a favicon in Customizer or to allow access to /wp-admin/images/w-logo-blue.png in your /wp-admin/.htaccess file.

    If this doesn’t help, check the Console output in Firefox to see when exactly the password prompt appears and which request gets a ‘401 Unauthorised’ response when you click on ‘Cancel’ in the password prompt.

    • This reply was modified 4 years, 6 months ago by somePaulo.
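
The second workaround from the reply above (allowing the default logo through the Basic Auth on /wp-admin/), written out as a complete /wp-admin/.htaccess. This is an added example, not part of any reply in the thread; it reuses the directives from the file posted earlier in the thread, and the AuthUserFile path is a placeholder.

```apache
# /wp-admin/.htaccess
# Basic Auth in front of the WordPress backend, as in the file posted
# earlier in the thread. Apache only accepts comments on their own
# lines, so none are appended to directive lines.
AuthType Basic
AuthName "XX"
# Placeholder path: point this at the real .htpasswd, stored outside
# the web root.
AuthUserFile /path/to/.htpasswd
Require valid-user

# Exempt exactly two files from the password prompt:
#   admin-ajax.php   - called by frontend scripts of themes and plugins
#   w-logo-blue.png  - the default site icon that the frontend loads from
#                      /wp-admin/images/ when no Site Icon is configured
# <FilesMatch> tests the file name only, so this also covers the logo
# inside the images/ subdirectory. The pattern is anchored so that no
# other file slips through.
<FilesMatch "^(admin-ajax\.php|w-logo-blue\.png)$">
    Order allow,deny
    Allow from all
    Satisfy any
</FilesMatch>

# On Apache 2.4 without mod_access_compat, replace the three directives
# inside the section above with the single line:
#     Require all granted
```

After the change, an unauthenticated request for /wp-admin/images/w-logo-blue.png should return 200, while /wp-admin/ itself still answers 401.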

    Hello finomeno

    That corresponds with my settings.
    The two websites which are (were, thanks to you) affected were without favicon, the other (not affected) two have one.
    I put a favicon into the root folder of one of the sites and activated my .htaccess again and I got no more admin login.
    And it works as you described with the website icon (w/o favicon in the root folder) as well.

    Thanks a lot
    Jürgen

  • The topic ‘Update to WP 5.4 requires htaccess installed on wp-admin’ is closed to new replies.