I was helping a friend set up a site for their family, and they wanted it to be password protected. I protect our family site using Apache’s basic access protection (
httpauth), and it works well enough, so that’s how I set up his site as well.
However, we then had nothing but trouble with the Flash-based image uploader in WordPress, which is a tool I don’t personally use. After some digging, I discovered that the Flash-based image uploader simply won’t work with
Because the objective was to keep out unwanted visitors, I found a workaround — it’s not perfect security, but it seems to do the job well, and allows the Flash-based image uploader to work. I disabled the
httpauth access restriction, then installed two plug-ins:
- Restricted Site Access: This plug-in prevents anyone from seeing the site without first logging in. We then created one generic username/password for my friend to give out to all his relatives (which is what we would have done using
- Peter’s Login Redirect: This sends users to the home page of the site after login, instead of to their control panel. I’m not sure why, but after logging in, our generic user was going to their control panel. This plug-in solved that problem.
The end result is a site that’s protected from casual visitors, as well as robots (though we’ve also got a robots.txt file set up, just in case). It’d be nicer if WordPress would just fix the
httpauth issues, but it seems they’re not interested in doing that.