Don't ask me why, but my server dislikes all these modern security plugins, probably because of old software or something. I use an old AskApache which does nothing more than password protect wp-admin and takes care of wp-content and wp-includes. The silly thing is that it does not deal with the wp-login.php file (a feature that was added at my request in a version that I cannot use). Now this is of course not so difficult to make, but now I get a password request for the admin folder and then for the login file (the htaccess for the first is in the folder itself, that for the file in the root). Can't I combine the two? And if so, should I use the htaccess in the folder or in the root?
In the root:
# BEGIN login psw
AuthName "give me your password or this computer will explode"
AuthUserFile /findyourpasswordhere
AuthType Basic
<Files "wp-login.php">
require valid-user
</Files>
# END login pswwp-admin
# BEGIN AskApache PassPro
AuthName "give me another password or this computer will explode again"
AuthUserFile /findyourpassword here
AuthType Basic
Order Deny,Allow
Deny from all
Require valid-user
Satisfy Any
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|css|js)$">
Allow from all
</FilesMatch>
# END AskApache PassProI figured that when I'd use the same password file, cookies would do the rest, but unfortunately not.
