Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #918556

    Hello,
    if i enable htaccess for the folder /wp-admin then i am everywhere being asked for my htaccess credentials if i am on the frontend of my website.
    Every click on a page invokes the htaccess dialog and i am forced to enter everytime my username and password.
    I have sent a ticket to Automattic which is programming and maintaining all the necessary plugins which we are using. They told me that the issue is not because of the plugins of Automattic. Please can you check it up if the issue occures because of your theme? Are there other user who have the same problems ?

    #918597

    what is the reason for a htaccess file in wp-admin folder?
    to secure the admin area all methods i know have the htaccess file in the root directory and exclude from there all goodies.
    f.e. to have a password protection of wp-login.php with a htpasswd.

    something like this:

    <Files wp-login.php>
       AuthType Basic
       AuthName "Restricted Admin-Area"
       AuthUserFile /pfad/zur/.htpasswd
       Require valid-user
    </Files>
    #918836

    Hi,

    I’m also asking the same question as @guenni007, what would be the purpose of password protecting that folder? If you want to password protect the login page then there are plenty of tutorials explaining how to do that online.

    Best regards,
    Rikard

    #918863

    By the way don’t tap in so called “snake-oil” tips

    Whether you find the following tips on websites or as part of a plugin – ignores them. For the normal user, their application often results in more problems than a measurable benefit:

    1) The removal of the WordPress version from the source code
    2) Modify the link to the WordPress backend (admin section) or put it on another link
    3) Change or adjust the path to the “wp-content” folder
    4) Remove or hide the author name
    5) […]

    These measures do not solve any problems in the long term, but make it more difficult for the user to operate and use WordPress.

    #919362

    Hi,

    Thanks for sharing @guenni007 :-)

    Best regards,
    Rikard

    #919596

    Thank you for sharing the htaccess commands. However i am creating it from the backend of plesk automatically and each htaccess which i created for other websites is working fine. And it does only make problems when i am using the enfold theme. I have seen in the source code that the “resumes” page tries to call a wp-admin URL maybe therefore the window for the credentials is popping always out?
    The reason for protecting the wp-admin area ist to have an additional protection level to prevent random people to go to our admin page.
    We are not obligated to use the htaccess folder protection from plesk. If there is any other good plugin for solving our problem then thats fine too.
    Do you know any plugins which you could recommend us?
    Best greetings

    #920073

    Hi,

    The layout builder in Enfold does make use of files within that folder, so I’m guessing that is the reason for the behaviour your are describing. Though I’m still not sure why you would need to lock down that entire folder, protecting the login page should be more than enough. If you still want to keep doing that then you could try adding this to your .htaccess file:

    <Files admin-ajax.php>
        Order allow,deny
        Allow from all
        Satisfy any 
    </Files>

    Source.

    Best regards,
    Rikard

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.