Basic Auth results in "ERR_TOO_MANY_RETRIES"

[WorkinOnIt]

Hello

For some basic wordpress sites, we use a Basic Auth popup to add another layer of security.

<FilesMatch "wp-login.php">
AuthName "Authorized Only"
AuthType Basic
AuthUserFile /home/username/.wpadmin
require valid-user
</FilesMatch>

And in the .wpadmin file, we have added the username and password MD5. It has worked just fine. However, after what appears to have been a cPanel update, we now get the following issues:

This site can’t be reached
The web page at example.com/wp-login.php might be temporarily down or it may have moved permanently to a new web address.
ERR_TOO_MANY_RETRIES


When we disable the FilesMatch entry, the wp-admin section loads fine again.

Is there any reason why the above would suddenly stop working ? Could it be something to do with the WordPress Toolkit (that recently got installed.... and how do we remove WordPress Toolkit?)

Thanks

 

[cPDavidL]

Greetings!

One thing that stands out initially is the AuthUserFile path:

AuthUserFile /home/username/.wpadmin

This is in an .htaccess file also found in the users home directory?

 

[WorkinOnIt]

Yes that's correct, it's in the public_html folder

 

[pwaara]

I am experiencing the same issue. I use directory protection on my dev sites to prevent crawlers and unauthorized access. Yesterday, everything worked fine. Today, all my dev sites are broken returning

"
This site can’t be reached
The webpage at

https://dev.xxxsxxxxx.com/yrs/

might be temporarily down or it may have moved permanently to a new web address.


ERR_TOO_MANY_RETRIES
"

This is only happening in Chrome. It works in Firefox and Edge.

 

[WorkinOnIt]

Yes same issue by the sounds of it. Mine was also working fine yesterday, so I suspect something has changed on the server, but I've not yet checked to see if there has been an update, but I can't see why else it would suddenly be returning this error.

 

[pwaara]

Ok, I think I found it. It appears to be caused by the LastPass extension I use as my password keeper. If I turn off " Automatically fill login information " in the Options of LastPass, everything works as expected. That was a weird one. I presume LassPass must have updated overnight, and when I rebooted this morning, the new version introduced the bug. I'll see if there is a place to report bugs to LastPass.

 

[WorkinOnIt]

@pwaara Not sure how you worked that out but that was it!

 

[cPRex]

Great collaboration there! I'm glad you were able to track that down and that there wasn't an actual issue with the server software.

 

[mikepeat]

Thanks @pwaara - that's helped me! I assumed it was a bug in the latest version of Chrome, but was a bit surprised my customers weren't experiencing the same thing. I hadn't even considered this!!

 

[cPRex]

When doing web development work we usually have one browser that's "clean" with no addons or manual changes just in case there are odd issues like this, so that might be something you want to consider for the future.