Jesin's Blog

Welcome to the Portal of Technology

HTTP Digest Authentication

HTTP Digest Authentication

http digest authentication banner

Download Plugin
WordPress.org Plugin Page

This plugin will protect your wp-login.php login page using HTTP Digest Authentication and the best part is that it works with all web servers and doesn’t require modification of .htaccess or any other server configuration file.

Why use HTTP Digest Authentication?

  • Basic Authentication credentials are base64 encoded and sent over the network like this – amVzaW46c2VjcmV0. A base64 decoder is enough to find out what lies inside.
  • Digest Authentication credentials are encrypted with MD5 so a response looks like this – fccbc307ac95cd2caa4ce6bd23633f29
  • A nonce is generated during each authentication so for the same pair of credentials you may see very different responses like 39fe1ee757d34426b635406c812f4a0a and fccbc307ac95cd2caa4ce6bd23633f29.

Features of the HTTP Digest Authentication plugin:

  •  Works out of the box and doesn’t require modification of service config files like .htaccess, nginx.conf
  •  Supports HTTP credentials for each WordPress user
  •  Clears the HTTP Digest credentials when the user logs out of WordPress
  •  Verifies if both the HTTP and WordPress credentials are of the same user
  •  Works on all major Web Servers (Tested on Apache, Nginx and Lighttpd)

Usage

Install this plugin and activate it. Once activated all existing users will have HTTP credentials as follows

Username: <WordPress username>

Password: password

Each user can change this by going to their Users > Your Profile. Users who register or are added through the administration panel will also have the same default credentials.

I forgot my HTTP digest username

Use the following MySQL query to find it out.

SELECT meta_value FROM `wp_usermeta` WHERE meta_key = 'http-digest-auth_username' and user_id = (SELECT ID from wp_users where user_login = 'WordPress_Username');

Replace wp_ with your database prefix and use you actual WordPress login username.

I forgot my HTTP digest password

Use the following MySQL query to reset it to ‘secret’.

UPDATE `wp_usermeta` SET meta_value = 'password' WHERE meta_key = 'http-digest-auth_password' and user_id = (SELECT ID from wp_users where user_login = 'WordPress_Username');

Login and change your password immediately.

Screenshots

http digest authentication login
The HTTP digest authentication prompt displayed by the browser when accessing wp-login.php
http digest authentication wp login
The wp-login.php page will display the HTTP Digest username. It also displays a logout link which logs out the HTTP user.
http digest authentication your profile
Change your HTTP username/password by going to Users > Your Profile
http digest authentication logout
When you logout of WordPress you’ll be taken to this screen. Clicking “Login Again” will prompt for HTTP credentials before wp-login.php.

Download Plugin

Vultr SSD VPS