wp-admin and .htaccess file

  • Resolved The One

    (@the-one-1)


    9 years, 8 months ago

    I had a .htaccess file in the wp-admin folder that had my IP address that only allowed me to access the Admin account. It worked I guess, but now I have discovered a problem with this. My IP address just changed from Comcast and I forgot that I had this .htacces file in the wp-admin folder so I couldn’t login. Well, not only could I not login the login box was off center. Of course when I added my IP address to the .htaccess file I can log in as expected and the odd thing is the login box is centered on the page. So now it occurs to me that users who don’t have their IP address in my .htaccess file will have an off centered login page. I have since deleted this .htaccess file since I have a lot of security already including a script called ZBblock. But I’m wondering why the login box was not centered when your IP address isn’t in the .htaccess file?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator James Huff

    (@macmanx)

    Probably because the .htaccess file was also blocking access to the CSS files which control the style of the login page.

    Thread Starter The One

    (@the-one-1)

    This is all that was in the .htaccess file, IP address changed of course.

    Order Deny,Allow
    Deny from all
    Allow from 192.168.1.1

    Thread Starter The One

    (@the-one-1)

    It’s just I read a blog about hardening WP and one method was the .htaccess file. I believe the blog post was several years old as some of the plugins they recommended were out of date. So now I’m wondering if perhaps the newer WP doesn’t like a .htaccess file in the the wp-admin folder?

    Moderator James Huff

    (@macmanx)

    Yep, that .htaccess bit would have only allowed 192.168.1.1 to access the wp-admin directory, including the login styles stored there.

    It’s not a matter of WordPress version, it would have always turned out that way.

    In general, that snippet is recommended for cases where you’re the only person to ever log in to your blog.

    Thread Starter The One

    (@the-one-1)

    I see now. There is in fact JS and CSS files under that folder that I had protected with my IP address. I guess I’ll won’t use that then. Thanks for the help! Much appreciated!

    Moderator James Huff

    (@macmanx)

    You’re welcome!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘wp-admin and .htaccess file’ is closed to new replies.