WordPress.org

Ready to get started?Download WordPress

Forums

Content Warning
CWV2, WP-Admin protection, and you! (3 posts)

  1. Jerry
    Member
    Plugin Author

    Posted 2 years ago #

    This post goes out to the small minority of users that password protect their wp-admin directory against hackers via htpasswd files and the like. While I believe that using htaccess files to password protect the /wp-admin folder is a great idea, it does have it's drawbacks.

    Bettwer WP.net says: "There is one major drawback with this method, that is your normal visitors will also be prompted to provide the same pair of username/password you just choose when they fail to comment or when they login or signup. WordPress causes this issues because it requests for media files inside the wp-admin folder."

    To those of you using this method, I encourage you to look at this post on betterwp.net as it's directed towards you.

    http://betterwp.net/wordpress-tips/protect-wordpress-wp-admin-folder/

    FYI, no this isn't a sponsored link lol, just figured I would show you guys how to fix this as I don't believe that using the old AJAX methods in the plugin is safe.

    http://wordpress.org/extend/plugins/content-warning-v2/

  2. damsko
    Member
    Posted 2 years ago #

    Hi Jerry,

    to add some feedback: I just updated the plugin to version 2.4.13 after adding the 'exception' rule:

    <Files admin-ajax.php>
    Order Allow,Deny
    Allow from All
    Satisfy Any
    </Files>

    ...to my wp-admin directory .htaccess file and found that it solved the issue for me. So thanks for the pointer!

    The solution works with a password protected wp-admin directory, a wp-admin directory that only allows access to selected IP adresses and also to a combination of both. Added a 'Works' vote to the Plugin version.

    Perhaps you could however consider a warning page for future distributions that does not require java-script. I have been looking for that but could not find it and also could not manage to make something on my own accords. I got a lot of warnings as in server warnings but no content warning for the visitors... The plugin you offer works fine but all visitors that have java-script disabled will of course see no warning.

    When it would be no big effort for you to make the switch to a warning page that does not require java-script so that all visitors (except the search engines) get a warning served then that perhaps might be something to consider.

    Greetings and thanks for the feedback and effort, damsko

  3. m4declare1
    Member
    Posted 2 years ago #

    Well when adding a url! It's not working! and Select a page is not working!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic