stop double htpasswd authentication for http https login in admin

If you have set up an htpasswd login to your admin (which is a good idea) you may be having to login twice to the htpasswd popup – once for an http and again for an https connection. This is so you’re authenticated in both connections which use different ports.

If you don’t want to have to login twice, here’s how to fix it:

1. The obvious way
If you login to your https admin using a http link, it will ask you to login twice in the htpasswd login popu.

Fix: Make sure your admin link/bookmark url you connect to your admin with starts with https://

2. Redirect all admin logins to https
Use this approach if 1. above doesn’t work.
Add the following to the top of the admin htaccess (not store htaccess file) to direct all admin urls to run under https.

Note – you must have 1) an htpasswd login setup and 2) an SSL certificate stored on your server to use this modification.

Find /admin/.htaccess and add at the top under the first commented line:

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "mywebsite.com"
ErrorDocument 403 https://mywebsite.com/admin

Note – change ‘mywebsite.com’ and also the ‘mywebsite.com/admin’ to your actual store’s domain name and admin (which shouldn’t be ‘admin’ either as this is a security risk.)