Title: Plugin bypass apache basic authentication
Last modified: October 14, 2019

---

# Plugin bypass apache basic authentication

 *  [TenyHarko](https://wordpress.org/support/users/tenyharko/)
 * (@tenyharko)
 * [6 years, 7 months ago](https://wordpress.org/support/topic/plugin-bypass-apache-basic-authentication/)
 * Hi,
 * It seems that this plugin bypasses the Apache **basic authentication** when “banned
   users” is active.
    Because ITSecurity modifies the htaccess file and adds some lines
   like:
 *     ```
       <IfModule mod_authz_core.c>
         <RequireAll>
           Require all granted
           Require not env DenyAccess
           Require not ip xxx.xxx.xxx.xxx
           Require not ip xxx.xxx.xxx.yyy
         </RequireAll>
       </IfModule>
       <IfModule !mod_authz_core.c>
         Order allow,deny
         Allow from all
         Deny from env=DenyAccess
         Deny from xxx.xxx.xxx.xxx
         Deny from xxx.xxx.xxx.yyy
       </IfModule>
       ```
   
 * And those lines will bypass directives set **before** in the Apache server conf
   file, for example:
 *     ```
       <Directory "/var/www/htdocs">
         AuthType Basic
         AuthName "RESTRICTED"
         AuthUserFile "passw_file"
         require valid-user
       </Directory>
       ```
   
 * So all users (except banned) will have access to the website although it has been
   protected.
    Not sure I make myself understood (my English is not as fluent as
   I want) but I think it’s important to note this issue, since it would set your
   website to “public” even if you think it isn’t.
 * Ten

The topic ‘Plugin bypass apache basic authentication’ is closed to new replies.
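The behaviour reported above matches Apache 2.4's default `AuthMerging Off`, under which authorization directives in a later configuration section (here the `.htaccess`) replace those inherited from an earlier one (the `<Directory>` block with `require valid-user`). The following check is an added example, not code from the poster or the plugin: `audit_htaccess` is a hypothetical helper and the sample input is constructed from the block quoted in the post. It assumes Apache 2.4 with `mod_authz_core` loaded.

```python
import re

# Constructed sample modelled on the block quoted in the post (IP is a documentation address).
SAMPLE_HTACCESS = """\
<IfModule mod_authz_core.c>
  <RequireAll>
    Require all granted
    Require not env DenyAccess
    Require not ip 192.0.2.10
  </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
  Order allow,deny
  Allow from all
  Deny from env=DenyAccess
</IfModule>
"""

def audit_htaccess(text):
    """Hypothetical helper: list (line_no, directive) for Require lines that
    replace inherited authorization on Apache 2.4 (mod_authz_core loaded)."""
    active = []        # one flag per open <IfModule>: is its body used on 2.4?
    merging = "off"    # Apache 2.4 default when no AuthMerging directive is set
    requires = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<IfModule\s+(!?)\s*(\S+?)>", line, re.I)
        if opened:
            negated, module = opened.group(1) == "!", opened.group(2).lower()
            # Only the mod_authz_core test is modelled; other modules count as loaded.
            active.append(not (negated and module == "mod_authz_core.c"))
        elif re.match(r"</IfModule>", line, re.I):
            if active:
                active.pop()
        elif all(active):
            merge = re.match(r"AuthMerging\s+(\w+)", line, re.I)
            if merge:
                merging = merge.group(1).lower()
            elif re.match(r"Require\s", line, re.I):
                requires.append((no, line))
    # With AuthMerging And the section is ANDed with the parent's rules
    # (e.g. Require valid-user); with Off they are replaced, with Or either side suffices.
    return [] if merging == "and" else requires

if __name__ == "__main__":
    for no, directive in audit_htaccess(SAMPLE_HTACCESS):
        print(f"line {no}: '{directive}' replaces inherited authorization")
```

An empty result means the file either sets `AuthMerging And` or contains no `Require` lines that Apache 2.4 would evaluate; confirm the outcome by checking that an unauthenticated request to the site still returns 401.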

 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)

## Tags

 * [apache](https://wordpress.org/support/topic-tag/apache/)
 * [banned users](https://wordpress.org/support/topic-tag/banned-users/)
 * [htaccess](https://wordpress.org/support/topic-tag/htaccess/)

 * 0 replies
 * 1 participant
 * Last reply from: [TenyHarko](https://wordpress.org/support/users/tenyharko/)
 * Last activity: [6 years, 7 months ago](https://wordpress.org/support/topic/plugin-bypass-apache-basic-authentication/)
 * Status: not resolved