Can't access XAMPP security settings (/localhost/security/)

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Can't access XAMPP security settings (/localhost/security/)

Postby harolde » 30. January 2011 04:09

1) I just downloaded & installed XAMPP. When I initially tried to set password for XAMPP security info (http://localhost/security/index.php), I did NOT create a MySQL root PW (don't ask me why ... I thought the page said it wasn't necessary ... which I know doesn't seem likely ...), but I did set a ID & PW for XAMPP Directory Protection.

2) When I then try to examine local XAMPP security settings (http://localhost/security/lang.php?en), I get asked for an ID & password - but using the password I'm REASONABLY sure I created (& wrote down) doesn't work (the error log says: authentication failure for "/security/lang.php": Password Mismatch, referer: http://localhost/xampp/navi.php.

3) I know, I know - unlikely that XAMPP or APache messed up. Even though I was careful, I'm human, & probably made a typo. But, what do I do now???

4) I see instructions for changing MySql PW manually, & I do, but I still can't pass Authentication for XAMPP security settings. I assume all I've done is change the MySql root PW & not the PW Apache needs. The Apache error log shows "user root not found:" when I try to use root, but "authentication failure ... Password Mismatch" for the user I created back in the beginning

5) I've also noticed the file C:\xampp\security\xampp.users - which HAS the user ID I created back in the beginning & what sure looks like it could be an encrypted PW. Is there a way to decrypt it? Or replace it? As a XAMPP newbie, I'm not going to start manually changing those files w/o advice!
Posts: 1
Joined: 30. January 2011 00:00

Re: Can't access XAMPP security settings (/localhost/securit

Postby Sharley » 30. January 2011 04:32

I take it that when you said you just download and installed XAMPP that the version is 1.7.4 ?

Delete these 3 files and the user/pass you created should be gone, then you can try again to set them in security.


There is a little check box that will save your user/pass in plain text in the \xampp\security folder that you can keep in there or move it to another location in your PC. I think the security risk is minimal if you are the only user on the PC or you trust the other users that may use it.

---- Security risk! ----
Safe plain password in text file?
(File: G:\xampp174\security\security\xamppdirpasswd.txt)
(Safe is a translation error from German that should have read Save).
Just tick the box and check it has saved the user/pass correctly.

The \xampp\security folder is not accessible from the Internet but only available to localhost and is why I said that the security risk is minimal but the advantage is obvious. ;)

Good luck and best wishes. :)
User avatar
AF Moderator
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
XAMPP Version: 5.6.3
Operating System: Win 7 Pro 32bit/XP Pro SP3

Return to XAMPP for Windows

Who is online

Users browsing this forum: WEB11 and 47 guests