wp-admin htpasswd login field home page

  • For extra security I have set a htaccess pasword for the wp-admin folder. But now I get a login box on the homepage and I think this is because wordfence is loading te following file:

    <script type="text/javascript">var src="https://***.nl/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=F******************************B"; if(window.location.protocol == "https:"){ src = src.replace("http:", "https:"); } var wfHTImg = new Image(); wfHTImg.src=src;</script>

    What can I do about this?

    https://www.ads-software.com/extend/plugins/wordfence/

Viewing 4 replies - 1 through 4 (of 4 total)

  • I have the same problem, I disabled wordfence.

    And I turned Wordfence back on.

    For anybody else that wants to restore Basic Auth to the admin area, here’s my workaround that seems to work:

    <FilesMatch "^(admin|dashboard|index|admin-header|admin-footer|edit|edit-tags|options-reading|site-new|user-new|users|sites|tools|post|upload|themes|post-new|widgets|nav-menus).php$">
AuthName "WrodPress"
AuthType Basic
AuthUserFile /var/www/vhosts/mysite.com/htpass
Require valid-user
</FilesMatch>

    For those who miss the significance, the password file is outside the
    AuthUserFile /var/www/vhosts/mysite.com/htpass
    web hierarchy,
    AuthUserFile /var/www/vhosts/mysite.com/httpdocs/
    This is a second .htaccess file located in the wp-admin directory, the 

    <files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
</files>

    is located in the primary .htaccess in the web root

    Thread Starter iivvvii

    (@iivvvii)

    I fixed it by adding this code after the normal password protection htaccess:

    <FilesMatch "admin-ajax.php">
  Satisfy Any
  Allow from all
</FilesMatch>

    I like yours better, but I don’t think I need to change mine again. I imagine as time goes on, there will be another library needed.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘wp-admin htpasswd login field home page’ is closed to new replies.