WordPress.org

Ready to get started?Download WordPress

Forums

.htaccess in wp-admin problem (8 posts)

  1. claytonj001
    Member
    Posted 2 years ago #

    Hello,

    I am brand new to WordPress and not a coder at all. I put an .htaccess file in my wp-admin directory but a pop-up requesting username and password is activated when the site is accessed at the public level. I have been told this is because WordPress has dependencies that requires access to the wp-admin directory even though a person is just viewing public site content. Is this true and if so how can I still protect my wp-admin directory and have a functional website? I am not sure if it is a plug-in problem causing this error.

    Thanks For your Reply

  2. kmessinger
    Volunteer Moderator
    Posted 2 years ago #

    I put an .htaccess file in my wp-admin directory

    Why?

  3. claytonj001
    Member
    Posted 2 years ago #

    I was following what I believed to be best practices to secure that directory. I have read many many recommendations for doing this not only for WordPress but for other areas that may need a little protection. Is there something wrong with doing this?

  4. kmessinger
    Volunteer Moderator
    Posted 2 years ago #

    I have been told this is because WordPress has dependencies that requires access to the wp-admin directory even though a person is just viewing public site content.

    I don't think that is right. If you or a few others are going to get to the back of the site then doing what you are doing is ok but if everyone (a membership site) has to join it won't work unless you do a lot of code work.

    You need to do it correctly, http://www.websitedefender.com/wordpress-security/htaccess-files-wordpress-security/ and under settings, general, anyone can register should not be checked.

    Can you post your url?

  5. claytonj001
    Member
    Posted 2 years ago #

    Thanks. I will look at the link you sent me. I would rather not provide a site url at this time.

  6. MickeyRoush
    Member
    Posted 2 years ago #

    It's fine to use authentication on wp-admin, but you'll probably need to exclude a few files, like all images, css, js, admin-ajax.php. Depending on your set up it varies.

    More reading:
    http://kuttler.eu/post/htaccess-protect-wordpress-admin/

    Also you may want to redirect non-admins upon login:
    http://codex.wordpress.org/Plugin_API/Filter_Reference/login_redirect

  7. claytonj001
    Member
    Posted 2 years ago #

    MR,

    Thanks for the info I will give this a look.

  8. claytonj001
    Member
    Posted 2 years ago #

    MickeyRoush,

    Thanks for the informative links. This will give me much to chew on. It seems simple enough but then again I am no coder. I have run Apache web servers before but that was years ago and was a pain for me to configure initially but easy to maintain.

Topic Closed

This topic has been closed to new replies.

About this Topic