Apache mod-auth-mysql with encrypted password (Wordpress)

I need to have password protection on some web pages outside the main Wordpress site. Users would prefer to use the usernames and passwords that they already have in Wordpress.

The obvious solution would be to use the Apache module for authentication based on MySQL: mod-auth-mysql.

This, however, seems impossible because Wordpress uses Phpass password encryption, which is not supported by mod-auth-mysql.

Is there a way around this limitation?

1 answer

You can use the patched version of mod-auth-mysql to accept encrypted Phpass passwords. I will include instructions on how to do this on Ubuntu and Debian.

The raw patch file is available here.

Ubuntu / Debian Mod-auth-mysql patch to support Phpass

These instructions were tested on Ubuntu 10.4, 12.04, and 14.04.5, but should work on many other Debian-based platforms with minimal modifications.

Create a working directory to create the patched .deb package

 mkdir mod-auth-mysql-phpass
 cd mod-auth-mysql-phpass

Get the dependencies needed to create the package and package source.

 sudo apt-get build-dep mod-auth-mysql
 fakeroot apt-get source mod-auth-mysql

Browse to the newly created source folder.

 cd mod-auth-mysql-4.3.9 

Use the Debian tool to create a properly formatted debian patch (.dpatch). First check the current list of patches.

 cat debian/patches/00list 

The last official patch will be at the end of the list. Use the name of the last patch as the last argument to the dpatch-edit-patch command below. Also pick a number one higher for the name of the new phpass patch. In my case, the last patch in the list was 017-doc_persistent_conn.dpatch, and the name of the phpass patch is 018-phpass.

 dpatch-edit-patch patch 018-phpass 017-doc_persistent_conn.dpatch 

dpatch-edit-patch will launch a new shell inside a special folder, which it will use to create a custom formatted debian patch.

Download the raw patch.

 wget https://pelam.fi/published_sources/mod-auth-mysql-phpass/patch.diff 

Apply the original patch and remove it.

 patch < patch.diff
 rm patch.diff

Tell dpatch-edit-patch that our custom patch can be generated.

 exit 

Take a look at the new Debian patch. You should also look at the changes made by this unofficial patch if you care about security :)

 cat debian/patches/018-phpass.dpatch 

Add a new patch to the list of patches that will be used when creating the .deb package.

 echo 018-phpass.dpatch >> debian/patches/00list 

Create the patched package

 dpkg-buildpackage -b -uc 

Now you can install your custom .deb package (the name of the built package may vary depending on your system).

 sudo dpkg --install ../libapache2-mod-auth-mysql_4.3.9-13.1ubuntu3_amd64.deb 

Configuring Mod-auth-mysql for Wordpress Authentication with Phpass

Enable mod-auth-mysql:

 sudo a2enmod auth_mysql 

Restart apache for the new module:

 sudo service apache2 restart 

Documentation (now including Phpass) can be viewed with, for example, the less command:

 zless /usr/share/doc/libapache2-mod-auth-mysql/DIRECTIVES.gz 

Here is an example .htaccess file that allows access only for Wordpress administrators:

 AuthType Basic
 AuthName "Give Wordpress Administrator username and password"
 Auth_MySQL_User YOUR_MYSQL_USER_HERE
 Auth_MySQL_Password YOUR_MYSQL_PASSWORD_HERE
 Auth_MySQL_Host YOUR_MYSQL_SERVER_HERE
 AuthBasicAuthoritative Off
 # I don't know a better way to disable the default password file authentication
 AuthUserFile /dev/null
 Auth_MySQL on
 Auth_MySQL_DB YOUR_WORDPRESS_MYSQL_SCHEMA_NAME_HERE
 Auth_MySQL_Password_Table wp_users
 Auth_MySQL_Username_Field wp_users.user_login
 Auth_MySQL_Password_Field wp_users.user_pass
 # Accept Phpass hashes and legacy PHP md5() hashes
 Auth_MySQL_Encryption_Types PHPass PHP_MD5
 Auth_MySQL_Group_Table "wp_users, wp_usermeta"
 # Columns are qualified with the table names listed above (no alias is defined).
 # WordPress keeps roles under the meta key <table prefix>capabilities,
 # which is wp_capabilities with the default wp_ prefix.
 Auth_MySQL_Group_Clause "AND wp_users.ID = wp_usermeta.user_id AND wp_usermeta.meta_key='wp_capabilities' and wp_usermeta.meta_value like '%s:13:\"administrator\"%'"
 Auth_MySQL_Persistent On
 Auth_MySQL_Authoritative Off
 Auth_MySQL_CharacterSet utf8
 Require valid-user
 Order allow,deny
 Allow from all
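For reviewing what the `Auth_MySQL_Encryption_Types PHPass PHP_MD5` setting in the answer has to verify, here is an added Python example of the two stored-hash formats; it is not code from the answer or from the patch. The function names, the sample password and the salt are constructed for illustration, and PHP_MD5 is assumed to mean an unsalted hex MD5 digest, the format of WordPress's legacy hashes.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def encode64(data: bytes) -> str:
    """Phpass's own base64 variant: little-endian 24-bit groups, no padding."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):      # 3 bytes -> 4 chars, 1 byte -> 2 chars
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def phpass_portable(password: str, setting: str):
    """Compute a $P$ hash from the first 12 chars of `setting` (id, cost, salt)."""
    if len(setting) < 12 or not setting.startswith("$P$"):
        return None
    count_log2 = ITOA64.find(setting[3])     # cost is one character: log2 of rounds
    if not 7 <= count_log2 <= 30:
        return None
    pw = password.encode("utf-8")
    digest = hashlib.md5(setting[4:12].encode("utf-8") + pw).digest()
    for _ in range(1 << count_log2):         # iterated MD5 over digest + password
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + encode64(digest)

def verify(password: str, stored: str) -> bool:
    """Check a password against a $P$ hash or a legacy 32-char hex MD5."""
    if stored.startswith("$P$"):
        candidate = phpass_portable(password, stored)
    elif len(stored) == 32:
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
        stored = stored.lower()
    else:
        candidate = None                     # unknown format: reject
    return candidate is not None and hmac.compare_digest(
        candidate.encode("utf-8"), stored.encode("utf-8"))

if __name__ == "__main__":
    # Constructed sample: cost char "B" (2**13 rounds) and a made-up 8-char salt.
    stored = phpass_portable("correct horse", "$P$BexampleS")
    print(stored, verify("correct horse", stored), verify("wrong", stored))
```

A stock hex-MD5 comparison can never match a `$P$` value because of the salt, the repeated rounds and the custom encoding, which is why the unpatched module cannot authenticate current WordPress users.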

Source: https://habr.com/ru/post/1435662/

