I need to have password protection on some web pages outside of the main WordPress site. The users would prefer to use the usernames and passwords they already have in the WordPress.
The obvious solution would seem to be to use the Apace module for Mysql based authentication: mod-auth-mysql.
This however does not seem to be possible, because WordPress uses Phpass password encryption, which is not supported by mod-auth-mysql.
- http://modauthmysql.sourceforge.net/CONFIGURE
- http://www.openwall.com/phpass/
- https://wordpress.stackexchange.com/questions/32004/how-to-validate-wordpress-generated-password-in-db-using-php
Is there any way to get around this limitation?
You can use a patched version of mod-auth-mysql to accept Phpass encrypted passwords. I’ll include instructions on how to do this in ubuntu and debian.
The raw patch file is available here
Patching Mod-auth-mysql in Ubuntu/Debian to support Phpass
These instructions have been tested in Ubuntu 10.4, 12.04 and 14.04.5, but should work on many other Debian based platforms with minimal changes.
Create a working directory for building the patched .deb package
Get dependencies needed for building the package and the package source.
Go to the newly created source folder.
Use Debian tool to create a properly debian formatted patch (.dpatch). First check the current list of patches.
The last official patch will be at the end of the list. Use the name of the last patch
as the last argument of dpatch-edit-patch command below. Also pick a number one greater for the name of the new phpass patch.
In my case the last patch in the list was 017-doc_persistent_conn.dpatch and the name of phpass patch is then 018-phpass.
dpatch-edit-patch will start a new shell inside a special folder that
it will use to build the custom debian formatted patch.
download the raw patch
Apply the raw patch and delete it.
Tell dpatch-edit-patch that our custom patch can be generated.
Wonder at your new properly Debian formatted patch. You should also
review the changes made by this unofficial patch if you care about security 🙂
Add the new patch to the list of patches to be applied when .deb package is built.
Build the patched package
Now you can install your custom built .deb package (the built package name may vary depending on your system).
Configuring Mod-auth-mysql to Authenticate Against WordPress Using Phpass
Enable mod-auth-mysql:
Restart apache for the new module to take effect:
The documentation (Now including Phpass) can be viewed with eg. less command
Here is a sample .htaccess file that allows access only for WordPress administrators: