Don't ask me why, but my server dislikes all these modern security plugins, probably because of old software or something. I use an old AskApache which does nothing more than password protect wp-admin and takes care of wp-content and wp-includes. The silly thing is that it does not deal with the wp-login.php file (a feature that was added at my request in a version that I cannot use). Now this is of course not so difficult to make, but now I get a password request for the admin folder and then for the login file (the htaccess for the first is in the folder itself, that for the file in the root). Can't I combine the two? And if so, should I use the htaccess in the folder or in the root?
In the root:
# BEGIN login psw AuthName "give me your password or this computer will explode" AuthUserFile /findyourpasswordhere AuthType Basic <Files "wp-login.php"> require valid-user </Files> # END login psw
# BEGIN AskApache PassPro AuthName "give me another password or this computer will explode again" AuthUserFile /findyourpassword here AuthType Basic Order Deny,Allow Deny from all Require valid-user Satisfy Any <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|css|js)$"> Allow from all </FilesMatch> # END AskApache PassPro
I figured that when I'd use the same password file, cookies would do the rest, but unfortunately not.