Askapache Password Protect Security Features

Table of Contents

  1. Introduction
    1. Brand New Features for 4.x
    2. Example WordPress Generated .htaccess
      1. Password Protecting wp-admin
      2. Blog root .htaccess
    3. SID .htaccess Security Modules

Brand New Features for 4.x

  1. gzip's previous .htaccess file and sends it as an attachment to the logged in users email account along with password user setup.
  2. Provides a AA_PP_DEBUG constant that you can set to 1 for verbose debugging
  3. Now also works for sites running on SSL (PHP version >4.3.0)
  4. Rewrote the security module code in the form of snort, nessus, and mod_security rules and signatures
  5. Added a *real* check to see if mod_rewrite is installed
  6. Added Modules that remove directoryindexes
  7. Added Module to require SSL (only enabled for SSL blogs, so you don't shoot yourself in the foot)
  8. Added Module that only allows certain REQUEST_METHOD in the request
  9. Much more on the way..

Example WordPress Generated .htaccess

Password Protecting wp-admin 

# BEGIN AskApache PassPro
# sid900
AuthName "Protected By AskApache"
AuthUserFile /askapache.com/.htpasswda1
AuthType Basic
Require valid-user


Allow from All



Allow from All

Satisfy Any
# sid900
# END AskApache PassPro

Blog root .htaccess 

# BEGIN WordPress

RewriteEngine On
RewriteBase /blog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]


# END WordPress

# BEGIN AskApache PassPro


RewriteEngine On
RewriteBase /

# sid1000
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /blog/wp-content/.*$ [NC]
RewriteCond %{REQUEST_FILENAME} ^.+.php$
RewriteRule .* - [F,NS]
# sid1000
# sid1010
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /blog/wp-includes/.*$ [NC]
RewriteCond %{REQUEST_FILENAME} ^.+.php$
RewriteRule .* - [F,NS]
# sid1010



# sid1005

AuthName "Protected By AskApache"
AuthUserFile /askapache.com/.htpasswda1
AuthType Basic
Require valid-user

# sid1005

# END AskApache PassPro

SID .htaccess Security Modules

If you have any ideas for some more, please let us know!

SID Protection Description Response Enable
900 wp-admin/*.*
 Requires a valid user/pass to access any non-static (css, js, images) file in this directory 401
1000 wp-content/*.php
 Denies any Direct request for files ending in .php with a 403 Forbidden 401
1005 wp-login.php
 Requires a valid user/pass to access the login page 401
1010 wp-includes/*.php
 Denies any Direct request for files ending in .php with a 403 Forbidden 403
1015 REQUEST_METHODS
 Denies any request not using !GET|POST|OPTIONS|PUT|HEAD 403
1025 Directory Protection
 Enable the DirectoryIndex Protection, preventing directory index listing Disable

WordPress Plugin for Apache .htaccess Security - AskApache

Charles Torvalds
1 Jan 2008

  • Site Map WireShark GNU Non-GNU Tor Project cURL TLDP - Documentation
  • Htaccess Files Hacking Htaccess Javascript Linux Optimization PHP Security Shell Scripting WordPress
  • Base64 Image Converter Raw HTTP Header Debugger Graphical ASCII Text Generator Mac Address Vendor Lookup Who Am I – Your IP Information Request Method Security Scanner .htpasswd file Generator Compress CSS DNS Tracer
Copyright © 2025 AskApache
  • Site Map
  • Htaccess Files
  • Hacking
  • Htaccess
  • Javascript
  • Linux
  • Optimization
  • PHP
  • Security
  • Shell Scripting
  • WordPress
  • Base64 Image Converter
  • Raw HTTP Header Debugger
  • Graphical ASCII Text Generator
  • Mac Address Vendor Lookup
  • Who Am I – Your IP Information
  • Request Method Security Scanner
  • .htpasswd file Generator
  • Compress CSS
  • DNS Tracer
Exit mobile version