Before I forget here’s a quick and dirty hack for enabling Apache Authentication in WordPress 1.5 that I whipped up the other week:

# line 20 of wp-login.php

if($_SERVER['REMOTE_USER']) {
  $action = 'login';
}

# line 162 of wp-login.php
if($_SERVER['REMOTE_USER']) {
  $user_login = $_SERVER['REMOTE_USER'];
  $user_pass = $user_login;
}

# at the top of wp_login in wp-include/functions.php

if($username == $_SERVER['REMOTE_USER']) {
  
  $login = $wpdb->get_row("SELECT ID, user_login, user_pass 
                           FROM $wpdb->users 
                           WHERE user_login = '$username'");
  if ($login) {
    return true;
  }
}

.htaccess are applied to <File wp-login.php> and to the wp-admin directory

There’s a more “proper” WP 1.5 Authentication Plugin but I couldn’t get it to work and the do_action() callbacks were annoying/impossible to debug. Daniel generously offered to help get it working, but if we use it for what we’re planning to, the above hack should be fine until Apache auth makes it into WP core.

One other note: there’s no ‘scheme’ so http/https is broken on the CSS linking for the admin. That needs to be changed from the WP options.