This post goes out to the small minority of users that password protect their wp-admin directory against hackers via htpasswd files and the like. While I believe that using htaccess files to password protect the /wp-admin folder is a great idea, it does have it’s drawbacks.
Bettwer WP.net says: “There is one major drawback with this method, that is your normal visitors will also be prompted to provide the same pair of username/password you just choose when they fail to comment or when they login or signup. WordPress causes this issues because it requests for media files inside the wp-admin folder.”
To those of you using this method, I encourage you to look at this post on betterwp.net as it’s directed towards you.
FYI, no this isn’t a sponsored link lol, just figured I would show you guys how to fix this as I don’t believe that using the old AJAX methods in the plugin is safe.
to add some feedback: I just updated the plugin to version 2.4.13 after adding the ‘exception’ rule:
Allow from All
…to my wp-admin directory .htaccess file and found that it solved the issue for me. So thanks for the pointer!
The solution works with a password protected wp-admin directory, a wp-admin directory that only allows access to selected IP adresses and also to a combination of both. Added a ‘Works’ vote to the Plugin version.
Perhaps you could however consider a warning page for future distributions that does not require java-script. I have been looking for that but could not find it and also could not manage to make something on my own accords. I got a lot of warnings as in server warnings but no content warning for the visitors… The plugin you offer works fine but all visitors that have java-script disabled will of course see no warning.
When it would be no big effort for you to make the switch to a warning page that does not require java-script so that all visitors (except the search engines) get a warning served then that perhaps might be something to consider.
Greetings and thanks for the feedback and effort, damsko
- The topic ‘[Plugin: Content Warning] CWV2, WP-Admin protection, and you!’ is closed to new replies.