Hi everyone,
I am experimenting with YunoHost to replace my home-grown server installation. I have a WordPress blog which is currently available at:
To reduce the attack surface, visitors first get basic HTTP authentication set up with Apache when they open the URL. Only visitors with the correct HTTP username and password can access WordPress at all. Normal visitors do not have WordPress accounts and use WordPress anonymously. Authors and admins have accounts and log in to WordPress in addition to the HTTP auth. Everyone (visitors, authors, admins) uses the same HTTP username and password.
I would like to have the same setup with YunoHost. I tried the following options:
- Install the HTTP Auth Plugin for WordPress: HTTP Auth – WordPress plugin | WordPress.org. It does not seem to be compatible with the YunoHost setup; I get authentication errors or 500 errors from nginx.
- Install the Password Protected plugin for WordPress: Password Protected – WordPress plugin | WordPress.org. It works and kind of does the job, but the protection is lower than with an HTTP auth: WordPress itself and potential security flaws are accessible to anyone with the base URL, and WordPress media files can be accessed directly without the password if their path is known.
I am wondering if I can modify the nginx configuration created by YunoHost to add an HTTP auth for /myblog, but I fear that it will conflict with YunoHost's own authentication mechanisms, as was probably the case with the HTTP Auth Plugin for WordPress.
So my question is: is it possible at all to protect some applications with an additional HTTP authentication using YunoHost?
Thanks!
Oliver
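
The difference described in the post between a PHP-level password gate and HTTP auth in the web server can be checked by requesting each path without credentials and seeing which ones still answer 200. The following is an added example, not part of the original post: it runs against a local simulated server, and the sample paths, redirect target and function names are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample paths under the /myblog prefix from the post.
PATHS = ["/myblog/", "/myblog/wp-login.php",
         "/myblog/wp-content/uploads/2024/01/photo.jpg"]

def make_handler(server_level_auth):
    """True: HTTP auth covers every path. False: PHP-level gate, media served directly."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            is_media = "/wp-content/uploads/" in self.path
            has_creds = "Authorization" in self.headers  # presence only, not verified
            if server_level_auth and not has_creds:
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Basic realm="blog"')
            elif not server_level_auth and not is_media:
                self.send_response(302)  # gate redirects to its form (constructed URL)
                self.send_header("Location", "/myblog/password-form")
            else:
                self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()
        log_message = lambda self, *args: None  # silence per-request logging
    return Handler

def unauthenticated_status(host, port, path):
    """Request a path with no credentials; redirects are not followed."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    finally:
        conn.close()

def exposed_paths(server_level_auth, paths=PATHS):
    """Start the simulated blog and list paths that answer 200 without credentials."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(server_level_auth))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        host, port = server.server_address
        return [p for p in paths if unauthenticated_status(host, port, p) == 200]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print({"php_gate": exposed_paths(False), "server_auth": exposed_paths(True)})
```

Pointing `unauthenticated_status` at a real host and a known media path gives the same check for an actual deployment.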