I'm hitting htaccess security, but not sure from where

Since installing Domain Mapping, I'm having two problems which are likely related.

1) The new domains are asking me for username and password with a dialog box from the browser (e.g., caused by htaccess restriction (says "Restricted Area")

2) superadmins cannot log into the wordpress admin for individual sites. (wordpress security).

I have already checked htaccess at:
/var/www/ (there's no user security here)
/var/www/wp-admin/ (there's no htaccess here)

I don't see anywhere else that this htaccess security may be. What did I miss?

I do see a .htpasswd at /etc/apache2/ but when I remove that, it causes more issues.

I could really use a more easy to understand step by step on how to install Domain Mapping and Multi-user WP 4.1 .... on a completely fresh setup.
Thanks!

Neil

  • Michelle Shull

    Hey there, Neil! Welcome to WPMU DEV!

    That username/password combo is in fact coming from Apache, not WordPress. Your host may have installed it, or if you're on Digital Ocean, the initial setup instructions would have explained how to set up this protection, and also how to disable it. This only protects your admin area, so it can be very handy if you want your site locked down, but not so handy if you have a bunch of subsite admins who can't access their sites.

    You should have set or been sent a username/password combo for this field when you signed up for your hosting account originally, does this sound like something familiar?

    We'll help get this sorted out, Neil!

  • Neil

    Goals:
    One sign WP install for our all of our WP sites. No customers, auto create of users, and a very controlled setup for plug-ins and themes installed.

    Background:
    The base server is called something like xp.mycompany.com -- and that will have basically nothing on it except that I may move wiki type content there at some point, but the individual sites in the named things like:

    pro.abc.com
    conference.abc.com
    http://www.def.com
    etc...

    Admin/Login mapping are currently set to "domain entered by the user" -- but since DNS is propagated, I've also tried mapped domain.

    Questions:
    1) When at: http://wp.xplain.com/wp-admin/network/settings.php?page=domainmapping_options&tab=mapped-domains -- I don't see any sites listed. They seem to work, but the mapping doesn't show up here -- should it?

    2) When I try to add mapping at wp-admin/tools.php?page=domainmapping for a specific domain -- it tells me "Domain is already mapped"). What is this for if it's already working?

    3) I don't understand whether cross-domain autologin applies to ALL users on ALL sites, or just for the sites a user has privs at. For example, is a superadmin already logged in everywhere? Or if a user has access to sites A and C but not B, what would happen? (the docs are light on exactly what's happening).

    Still looking around, but that's the first things that are coming to mind.
    Thanks!

    Neil

  • Michelle Shull

    Hi there, Neil!

    First off, so glad you found the key to the authorization login. :slight_smile:

    Next, for Domain Mapping, let's take a closer look here. As you said, it seems like everything is working, so that's good. You're on the right track, regardless of anything else going on.

    1. You should see a list of Domains you've mapped in this screen. If the member added their own domain, I don't believe it should show up in this list.
    2. I'm curious about this one - it's claiming an unmapped domain is mapped? That's definitely odd.
    3. As SuperAdmin, once you login to your primary site, you're logged in everywhere. Cross-domain login should only work for the sites where members have privileges, however. Is that what you're seeing?

    Thanks for your questions, Neil, and have a great weekend!

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.