WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Wp-admin Password Protected Directory (12 posts)

  1. Mehdi
    Member
    Posted 1 year ago #

    Hello
    Yesterday I was hacked by some strangers. I've been advised to protect my " wp-admin " directory by usernames and passwords and I just did it. But there's a problem. Not only my " wp-admin" has been protected but also every single page and post of my website has been protected!
    It means when a person visits my website and click on a post to read, a form appears and wants them to fill the username and password. That's not what I wanted. I just wanted the Cpanel to be protected not the public posts.

    You can check the problem here :
    http://canot.ir/?p=5069

    How can I solve this problem?

    The blog I need help with is canot.ir.

  2. Sven D.
    Member
    Posted 1 year ago #

    Hi Mehdi

    You are asked for the password on every post because this file is loaded from the wp-admin folder:

    http://canot.ir/wp-admin/admin-ajax.php

    I guess you have used htaccess to protect the folder, and then you can add a few more lines to let everyone load this file (making it unprotected/without password).

  3. Sven D.
    Member
    Posted 1 year ago #

    You could try adding this to .htaccess in wp-admin:

    <Files admin-ajax.php>
    order allow,deny
    allow from all
    </Files>

    Good luck

  4. Mehdi
    Member
    Posted 1 year ago #

    Hi Sven D
    Thanks for your response.
    How can I add the above code to .htaccess I mean where should I add the code?
    I haven't found anything like that.

  5. Sven D.
    Member
    Posted 1 year ago #

    Let me reply as low tech as possible ;)

    If you can FTP to your servers (or get access via Control Panel) then try to open up for example NOTEPAD (windows program), copy and paste this in:

    <Files admin\-ajax\.php>
    order allow,deny
    allow from all
    </Files>

    And save as this file name: .htaccess

    Then transfer the file to you wp-admin and hopefully it will work (let your visitors read your posts without being asked for a username and password).

    If everything goes wrong, just delete the file same file you uploaded.

    If you feel unsure: contact your webhosts customer service ;)

    Good luck!

  6. Mehdi
    Member
    Posted 1 year ago #

    :-) sorry, I'm not that professional.
    I just found the file named .htaccess. It was hidden. The file contains the following code:

    # BEGIN WordPress

    # END WordPress

    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    I added your code to the above, but it didn't work :-(

  7. Sven D.
    Member
    Posted 1 year ago #

    This system file ( .htaccess ) is very "delicate" and may act difrently from server to server.

    Are you sure that the file you found is located in the wp-admin folder? If yes, then maybe you can try this:

    # BEGIN WordPress
    
    # END WordPress
    
    <Files 403.shtml>
     order allow,deny
     allow from all
    </Files>
    
    <Files "admin-ajax.php">
     order allow,deny
     allow from all
    </Files>
  8. Mehdi
    Member
    Posted 1 year ago #

    I've already tried that, it didn't work.

  9. Sven D.
    Member
    Posted 1 year ago #

    Try to ask you webhosts customer service ;)

    They might give you a hand

  10. Mehdi
    Member
    Posted 1 year ago #

    Thank you for your tips, Sven.

  11. Coolcash4live
    Member
    Posted 1 year ago #

    Helpful Sven.

    Thanks for this

  12. Mehdi
    Member
    Posted 1 year ago #

    Sven, You were almost there. This is the code:

    <Files admin-ajax.php>
        Order allow,deny
        Allow from all
        Satisfy any
    </Files>

    Thanks

Topic Closed

This topic has been closed to new replies.

About this Topic