Avoid some PHP errors and warnings; add support for choosing $_SERVER variables<\/p>","4.4":"
Minor CSS fix for WordPress 3.3<\/p>","4.3":"
No code changes; updating plugin URIs<\/p>","4.2":"
Extends support for variable replacement<\/p>","4.1":"
Minor update for WordPress 3.2<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":"1"},"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0","1.1","1.2","1.3","1.4","1.5","1.6","1.7","1.8","1.8.1","2.0","2.1","2.2","2.3","2.4","3.0","3.0.1","3.1","3.2","4.0","4.1","4.2","4.3","4.4","4.5","4.6"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3076472,"resolution":"1","location":"plugin"},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3076472,"resolution":"2","location":"plugin"}},"screenshots":{"1":"Plugin options, allowing WordPress authentication","2":"WordPress login form with external authentication link"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[710],"plugin_category":[38],"plugin_contributors":[82794],"plugin_business_model":[],"class_list":["post-1517","plugin","type-plugin","status-publish","hentry","plugin_tags-authentication","plugin_category-authentication","plugin_contributors-dwc","plugin_committers-dwc"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/http-authentication.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/http-authentication\/trunk\/screenshot-1.png?rev=3076472","caption":"Plugin options, allowing WordPress authentication"},{"src":"https:\/\/ps.w.org\/http-authentication\/trunk\/screenshot-2.png?rev=3076472","caption":"WordPress login form with external authentication link"}],"raw_content":"\n
The HTTP Authentication plugin allows you to use existing means of authenticating people to WordPress. This includes Apache's basic HTTP authentication module, Shibboleth<\/a>, and many others.<\/p>\n\n To follow updates to this plugin, visit:<\/p>\n\n https:\/\/danieltwc.com\/<\/p>\n\n For help with this version, visit:<\/p>\n\n https:\/\/danieltwc.com\/2011\/http-authentication-4-0\/<\/p>\n\n\n Any authentication mechanism which sets the This depends on your hosting environment and your means of authentication.<\/p>\n\n Many Apache installations allow configuration of authentication via (You may also want to protect your Then, create another In both files, be sure to set See Apache's HOWTO: Authentication, Authorization, and Access Control<\/a>.<\/p><\/dd>\n This plugin doesn't actually authenticate users. It simply feeds WordPress the name of a user who has successfully authenticated through Apache.<\/p>\n\n To determine the username, this plugin uses the By default, this plugin generates a random password each time you create a user or edit an existing user's profile. However, since this plugin requires an external authentication mechanism, this password is not requested by WordPress. Generating a random password helps protect accounts, preventing one authorized user from pretending to be another.<\/p><\/dd>\n Because this plugin generates a random password when you create a new user or edit an existing user's profile, you will most likely have to reset each user's password if you disable this plugin. WordPress provides a link for requesting a new password on the login screen.<\/p>\n\n Also, you should leave the In the worst case scenario, you may have to use phpMyAdmin or the MySQL command line to reset a user's password<\/a>.<\/p><\/dd>\n Yes. You can authenticate some users via an external, single sign-on system and other users via the built-in username and password combination. (Note: When mixed authentication is in use, this plugin does not scramble passwords as described above.)<\/p>\n\n When you configure your external authentication system, make sure that you allow users in even if they have not authenticated externally. Using Shibboleth<\/a> as an example:\n AuthName \"Shibboleth\"\n AuthType Shibboleth\n Require Shibboleth<\/p>\n\n\n
http-authentication<\/code> folder to your plugins folder, usually wp-content\/plugins<\/code>. (Or simply via the built-in installer.)<\/li>\nwp-login.php<\/code> and wp-admin<\/code> using your external authentication (using, for example, .htaccess<\/code> files).<\/li>\n\n
What authentication mechanisms can I use?<\/h3><\/dt>\n
REMOTE_USER<\/code> (or REDIRECT_REMOTE_USER<\/code>, in the case of ScriptAlias'd PHP-as-CGI) environment variable can be used in conjunction with this plugin. Examples include Apache's mod_auth<\/code> and mod_auth_ldap<\/code>.<\/p><\/dd>\nHow should I set up external authentication?<\/h3><\/dt>\n
.htaccess<\/code> files, while some do not. Try adding the following to your blog's top-level .htaccess<\/code> file:\n \n AuthName \"WordPress\"\n AuthType Basic\n AuthUserFile \/path\/to\/passwords\n Require user dwc\n <\/p>\n\nxmlrpc.php<\/code> file, which uses separate authentication code.)<\/p>\n\n.htaccess<\/code> file in your wp-admin<\/code> directory with the following contents:\n AuthName \"WordPress\"\n AuthType Basic\n AuthUserFile \/path\/to\/passwords\n Require user dwc<\/p>\n\n\/path\/to\/passwords<\/code> to the location of your password file. For more information on creating this file, see below.<\/p><\/dd>\nWhere can I find more information on configuring Apache authentication?<\/h3><\/dt>\n
How does this plugin authenticate users?<\/h3><\/dt>\n
REMOTE_USER<\/code> or the REDIRECT_REMOTE_USER<\/code> environment variable, which is set by many Apache authentication modules. If someone can find a way to spoof this value, this plugin is not guaranteed to be secure.<\/p>\n\nIf I disable this plugin, how will I login?<\/h3><\/dt>\n
admin<\/code> user as a fallback, i.e. create a new account to use with this plugin. As long as you don't edit the admin<\/code> profile, WordPress will store the password set when you installed WordPress.<\/p>\n\nCan I configure the plugin to support standard WordPress logins?<\/h3><\/dt>\n