• Resolved Dot22

    (@dot22)


    Hello everyone! First of all, sorry if my English isn’t very clear, but it’s not my native language, so I’ll try to explain my problem in as much detail as possible. I’ve a site with WordPress 4.2.2 and the latest version of WordPress Popular Posts installed.

    On that site the /wp-admin folder is protected by .htaccess, but lately all the pages on the front-end side are asking for a username and a password. I know that the plugin communicates with /wp-admin/admin-ajax.php because I’ve searched the forum for similar information, but the solutions there didn’t work.

    I don’t know if there’s another file or alternative to make an exception on the .htaccess file to have the admin panel protected and keep running the plugin.

    If anyone can give me a clue or an example of a .htaccess file I’ll be very thankful. Thanks in advance to everyone and sorry for my bad English! 🙂

    https://wordpress.org/plugins/wordpress-popular-posts/

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author Hector Cabrera

    (@hcabrera)

    Hi there!

    Check that your .htaccess file includes the following instructions:

    <Files admin-ajax.php>
      Order allow,deny
      Allow from all
      Satisfy any
    </Files>

    Thread Starter Dot22

    (@dot22)

    Actually this is the code of my .htaccess file…

    AuthType Basic
    AuthName "/www/path/wp-admin/"
    AuthUserFile /var/path/43109648.passwd
    <Limit GET POST>
    	require valid-user
    </Limit>
    
    <Files admin-ajax.php>
      Order allow,deny
      Allow from all
      Satisfy any
    </Files>

    But it didn’t work. The front-end side of the site continues asking for username and password. Maybe the .htaccess ignores the exception?

    Plugin Author Hector Cabrera

    (@hcabrera)

    Try placing the admin-ajax.php part at the top of your .htaccess file and see if it helps.

    Thread Starter Dot22

    (@dot22)

    Thanks again for the answer but it didn’t work… The front-end site continues asking for a user/pass on all the pages except index.php =(

    Plugin Author Hector Cabrera

    (@hcabrera)

    Honestly, I don’t remember the exact configuration I had to make it work (I updated my WP setup recently and accidentally removed password protection in the process).

    How about this?

    # Allow plugin access to admin-ajax.php around password protection
    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
    </Files>
    
    AuthType Basic
    AuthName "Admin only"
    AuthUserFile "/path/to/your/43109648.passwd"
    require valid-user

    Remember to update the AuthUserFile path.

    Thread Starter Dot22

    (@dot22)

    Sadly, the problem persists. I pasted that code into the .htaccess file inside the /wp-admin folder and also changed the AuthUserFile path, but it didn’t work.

    The plugin is awesome... Is there any alternative to continue using it and make the WP admin panel more secure?

    Plugin Author Hector Cabrera

    (@hcabrera)

    I just tested it locally and WPP is able to execute AJAX requests while wp-admin remains password protected.

    Are you using a plugin to secure your wp-admin folder?

    Plugin Author Hector Cabrera

    (@hcabrera)

    Wait, you said:

    The front-end site continues asking for a user/pass on all the pages

    … it doesn’t do that for me. Even if I don’t authenticate. Did you add the password protection code to your root .htaccess file as well?

    Thread Starter Dot22

    (@dot22)

    I don’t use any plugin to strengthen the security of the wp-admin folder. Just the .htaccess file. I’ve done a fresh install of WordPress with WordPress Popular Posts only.

    The password protection code is only on the wp-admin folder. I have two .htaccess…

    Inside /wp-admin folder:

    # Allow plugin access to admin-ajax.php around password protection
    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
    </Files>
    
    AuthType Basic
    AuthName "Admin only"
    AuthUserFile "/var/www/inesc/data/etc/43109648.passwd"
    require valid-user

    On main WordPress directory:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    The result: all the pages on the front-side of the site (except index.php) are asking for a user/pass. Thanks again for all the help and replies!

    Plugin Author Hector Cabrera

    (@hcabrera)

    Just password protected my site’s wp-admin folder using hosting’s control panel. The only difference I see in the generated code vs the one I posted above is that instead of require valid-user I have require my_username_here:

    # I added this bit to the generated code
    
    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
    </Files>
    
    # Below this lies the generated code
    
    # DO NOT REMOVE THIS LINE AND THE LINES BELOW
    AuthType Basic
    AuthName "Restricted Access"
    AuthUserFile /path/to/password_file
    Require user my_username_here
    # DO NOT REMOVE THIS LINE AND THE LINES ABOVE

    As you can see, the rest of the code is basically the same.

    You may want to check with your hosting, maybe they’ll be able to help you figure out what’s going on.

    Thread Starter Dot22

    (@dot22)

    Thanks for the help, Hector! I’m checking with the hosting if there is any restriction or problem regarding the .htaccess exception.

    If I can solve the problem I’ll update this post with the solution (or at least the cause of the problem). Thanks again, and your plugin is awesome! =)
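
To narrow down a symptom like the one in this thread, it helps to see which unauthenticated request is actually answered with a Basic Auth challenge. The following Python check is an added example, not part of the thread or of the plugin's code; the three paths come from the posts above, while the `SAMPLE` responses and the function names are constructed for illustration.

```python
import sys
import urllib.error
import urllib.request

# Paths from the thread -> should a request without credentials be challenged?
EXPECTED = {
    "/wp-admin/": True,                 # protected by the wp-admin .htaccess
    "/wp-admin/admin-ajax.php": False,  # exempted by the <Files> block
    "/": False,                         # front end; root .htaccess has no auth
}

# Constructed sample responses (status, headers) reproducing the reported symptom.
SAMPLE = {
    "/wp-admin/": (401, {"WWW-Authenticate": 'Basic realm="Admin only"'}),
    "/wp-admin/admin-ajax.php": (401, {"WWW-Authenticate": 'Basic realm="Admin only"'}),
    "/": (200, {}),
}

def is_challenge(status, headers):
    """True if the response is an HTTP Basic Auth challenge (401 + Basic scheme)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    scheme = lowered.get("www-authenticate", "").strip().lower()
    return status == 401 and scheme.startswith("basic")

def probe(base_url, path, timeout=10):
    """GET base_url + path without credentials; return (status, headers)."""
    url = base_url.rstrip("/") + path
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers.items())
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry headers
        return err.code, dict(err.headers.items())

def audit(responses):
    """Compare observed responses with EXPECTED and return a list of findings."""
    findings = []
    for path, want in EXPECTED.items():
        status, headers = responses[path]
        got = is_challenge(status, headers)
        if got and not want:
            findings.append(f"{path}: prompts for a password (HTTP {status})")
        elif want and not got:
            findings.append(f"{path}: NOT password protected (HTTP {status})")
    return findings

if __name__ == "__main__":
    # With a base URL argument, probe the live site; otherwise use SAMPLE.
    observed = {p: probe(sys.argv[1], p) for p in EXPECTED} if len(sys.argv) > 1 else SAMPLE
    for line in audit(observed) or ["all paths behave as intended"]:
        print(line)
```

A finding for `/wp-admin/admin-ajax.php` means the server is not applying the `<Files>` exemption; a finding for `/` means the challenge is coming from somewhere other than the wp-admin `.htaccess`.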


The topic ‘.htaccess, admin-ajax and WP Protection’ is closed to new replies.