Mikko Kortelainen

Apache HTTP authentication against WordPress password database

The stock mod_auth_mysql package in Ubuntu is not able to authenticate against the phpass password hashes stored in the WordPress database.

There seems to be a patch lying around to enable phpass authentication in mod_auth_mysql. Its inclusion in mod_auth_mysql has been requested a long time ago, and again more recently, but for one reason or another it has been declined. Inclusion of the patch into the Debian package has also been requested.

Thanks to Peter Lamberg, there are good instructions around on how to apply the patch and enable it. I've made available a pre-compiled 64-bit package here:

Below are instructions for compiling one from scratch, followed by an example configuration.

Please remember, it is always a good practice to use SSL/TLS protection when sending user authentication information over the Internet.

Compiling a Patched Package in Ubuntu 12.04

Make a working directory:

mkdir mod-auth-mysql-phpass
cd mod-auth-mysql-phpass

Get the dependencies and source code for mod_auth_mysql:

sudo apt-get build-dep mod-auth-mysql
apt-get source mod-auth-mysql

Also install fakeroot for the patching to be successful:

sudo apt-get install fakeroot

Go to the source code:

cd mod-auth-mysql-4.3.9

Check patch list:

cat debian/patches/00list

Add a new patch with the last patch in the list as the base (for me it was number 17):

dpatch-edit-patch patch 018-phpass 017-doc_persistent_conn.dpatch

It should print something like this:

dpatch-edit-patch:

Now launching an interactive shell in your work directory. Edit your files.
When you are done, exit the shell. When you exit the shell, your patch will be
automatically updated based on the changes in your work directory.

Download the patch:

wget http://pelam.fi/published_sources/mod-auth-mysql-phpass/patch.diff

Apply patch, then delete it:

patch < patch.diff
rm patch.diff

Exit dpatch-edit-patch:

exit

It should print something like this:

dpatch-edit-patch: /home/user/mod-auth-mysql-phpass/mod-auth-mysql-4.3.9/debian/patches/018-phpass.dpatch created.

Add the new patch to the end of the patch list:

echo 018-phpass.dpatch >> debian/patches/00list

Build the patched version:

dpkg-buildpackage -b -uc

The package should appear one level up in the directory tree:

cd ..

Installing the Patched .deb

Just install:

sudo dpkg --install libapache2-mod-auth-mysql_4.3.9-13ubuntu3_amd64.deb

And make sure it is not upgraded automatically:

echo "libapache2-mod-auth-mysql hold" | sudo dpkg --set-selections

Configuring the Patched mod_auth_mysql

Enable the module:

sudo a2enmod auth_mysql

Read the documentation:

less /usr/share/doc/libapache2-mod-auth-mysql/DIRECTIVES.gz

Create a directory for protected files:

mkdir /var/www/protected

Configure either in a .htaccess file at /var/www/protected/.htaccess (this requires "AllowOverride AuthConfig Limit" for that directory) or directly in the Apache configuration:

# Disable file-based auth
AuthBasicAuthoritative      Off
AuthUserFile                /dev/null

# Enable MySQL auth
AuthMySQL                   On
AuthType                    Basic
AuthName                    "Unauthorized use prohibited"

# Basic information - fill in your own details here
Auth_MySQL_User             DB_USER
Auth_MySQL_Password         DB_PASSWORD
Auth_MySQL_Host             DB_HOST
Auth_MySQL_DB               DB_NAME
Auth_MySQL_CharacterSet     utf8

# The table and fields to use
Auth_MySQL_Password_Table   wp_users
Auth_MySQL_Username_Field   wp_users.user_login
Auth_MySQL_Password_Field   wp_users.user_pass
# This is where we need the patch (Apache does not allow a comment after a directive on the same line)
Auth_MySQL_Encryption_Types PHPass PHP_MD5

# Any user found in the table can log in
Require                     valid-user

# Users can log in from anywhere
Order                       allow,deny
Allow                       from all

Replace the DB_* placeholders with your own values (the same ones you have in wp-config.php will do).

Add a test file:

echo "test" > /var/www/protected/test.txt

Restart Apache:

sudo service apache2 restart

Now you should be prompted for a username and password when you fetch the test file, and only a valid WordPress username and password should be accepted; nothing else should get you in.
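To show what the patch has to implement for the Auth_MySQL_Encryption_Types line above, here is an added example (written for this post in Python; not the page's, the patch's or mod_auth_mysql's code) of verifying a wp_users.user_pass value: the phpass portable "$P$" hash that WordPress writes, with the legacy 32-hex MD5 fallback that the PHP_MD5 type covers. The known-answer hash for test12345 in the comments comes from phpass's own test suite; any fixed salt bytes passed to hash_password are constructed values.

```python
import hashlib
import hmac
import os

# phpass's own base64 alphabet (not RFC 4648); a char's index is its 6-bit value
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _encode64(data):
    # phpass encode64: each 3-byte group, read little-endian, becomes 4 chars
    # low bits first; a trailing 1 or 2 bytes become 2 or 3 chars, no padding
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def phpass_crypt(password, setting):
    # Recompute a portable hash from its first 12 chars: "$P$", cost char, 8-char salt
    if setting[:3] not in ("$P$", "$H$") or len(setting) < 12:
        return None
    count_log2 = ITOA64.find(setting[3])
    if count_log2 < 7 or count_log2 > 30:  # phpass refuses costs outside this range
        return None
    pw = password.encode("utf-8")
    digest = hashlib.md5(setting[4:12].encode("utf-8") + pw).digest()
    for _ in range(1 << count_log2):  # 2**cost further rounds of raw (binary) MD5
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + _encode64(digest)

def hash_password(password, count_log2=8, salt_bytes=None):
    # WordPress defaults: cost 8 is stored as ITOA64[8 + 5] == "B", so hashes start "$P$B"
    salt_bytes = os.urandom(6) if salt_bytes is None else salt_bytes
    setting = "$P$" + ITOA64[min(count_log2 + 5, 30)] + _encode64(salt_bytes)
    return phpass_crypt(password, setting)

def check_password(password, stored):
    # What the patched module must do per wp_users.user_pass row: rows written by
    # WordPress before 2.5 hold a plain 32-hex MD5 (PHP_MD5), newer rows hold phpass.
    # Known answer from phpass's test suite: "test12345" -> $P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0
    if len(stored) == 32 and all(c in "0123456789abcdef" for c in stored):
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
    else:
        candidate = phpass_crypt(password, stored)
        if candidate is None:
            return False
    return hmac.compare_digest(candidate, stored)
```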

Protecting WordPress with HTTP Authentication

At first it may sound silly, but you may wish to protect the WordPress installation itself with HTTP authentication. This is useful if you want each user to log in only once, anywhere on your site (inside or outside WordPress), using HTTP authentication.

To make WordPress recognize HTTP-authenticated users, install and enable the HTTP Authentication plugin in WordPress. The plugin needs no further configuration; just protect what you want with Apache directives. You can protect the whole site, or only the wp-login.php file and the wp-admin directory so that logins and administration go through HTTP auth.