Plugin Author
AITpro
(@aitpro)
If you do not allow visitors to register, login and post comments on your website then you can use BasicAuth Directory Password protection. You would set that up in your web host control panel and .htaccess code will be automatically added to your wp-admin .htaccess file when you do that.
You would then need to copy that .htaccess code that your host creates in the wp-admin .htaccess file to this BPS Custom Code text box: CUSTOM CODE WPADMIN TOP: Add wp-admin password protection, IP whitelist allow access & miscellaneous custom code here, click the Save wp-admin Custom Code button and activate wp-admin BulletProof Mode again.
Thread Starter
mrppp
(@mrppp)
well i do allow people to post but from a front end login
Plugin Author
AITpro
(@aitpro)
Then I assume what you are saying is you have other designated people who log into the site to create Posts and you do NOT allow random visitors to your website to post comments. If this is true and you add BasicAuth Directory Password Protection then you will need to provide the Directory Password Protection login credentials to all the people you DO allow to login to your site.
Thread Starter
mrppp
(@mrppp)
i let anyone post but they login front end and do not need to access the page /wp-admin as such if that makes sense
Plugin Author
AITpro
(@aitpro)
Then you cannot use BasicAuth Directory Password Protection.
Anyone who logs into your website needs to be able to access the /wp-admin folder in order to be able to login to your website.
Create a test Subscriber user account on your website by registering to your site and login to the site and you will see why you cannot use Directory Password Protection.
Thread Starter
mrppp
(@mrppp)
ok, i was just hoping i could only allow access to the front end login with ajax, then block access to login, or prevent that page wp-admin being accessed
Plugin Author
AITpro
(@aitpro)
The problem with that is the WordPress admin-ajax.php file is located in the /wp-admin folder. 😉 Personally I think it is a silly and unnecessary thing to add Directory Password Protection to the /wp-admin folder. The logic is this: The /wp-admin folder already has authentication protection so adding a second authentication for the /wp-admin folder does not make it any more secure = silly.
Plugin Author
AITpro
(@aitpro)
Type this URL into your Browser Address bar: yourWebsiteDomain.com/wp-admin/admin.php 😉
Thread Starter
mrppp
(@mrppp)
i can access the login with that but url is
http://mydomain/wp-login.php?redirect_to=http%3A%2F%2Fwww.mydomain%2Fwp-admin%2Fadmin.php&reauth=1
Plugin Author
AITpro
(@aitpro)
Yes, that is correct because if you try to access the /wp-admin/ folder directly then WordPress will force you to login first by redirecting you to the login page.
Thread Starter
mrppp
(@mrppp)
right i see so access to the folder will always get redirected to login, so keep limit login attempts set
but that actual page can’t be hidden so only login is available from my front end i.e access to /wp-admin would redirect to mysite.com
Thread Starter
mrppp
(@mrppp)
have you tried Better WP Security By Bit51 running with BPS, couple of features i like on that but don’t want to conflict with this.
one was the automated DB backup and the other the File Change Detection
Plugin Author
AITpro
(@aitpro)
We have tested Better WP Security before and it works with BPS, but there are some known common issues and problems with that plugin so you should check that plugin’s support forum for solutions to those problems. We only handle BPS solutions. 😉
