Support » Plugin: Wordfence Security » wp-admin htpasswd login field home page

  • For extra security I have set a htaccess pasword for the wp-admin folder. But now I get a login box on the homepage and I think this is because wordfence is loading te following file:

    <script type="text/javascript">var src="http://***.nl/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=F******************************B"; if(window.location.protocol == "https:"){ src = src.replace("http:", "https:"); } var wfHTImg = new Image(); wfHTImg.src=src;</script>

    What can I do about this?

Viewing 4 replies - 1 through 4 (of 4 total)
  • I have the same problem, I disabled wordfence.

    And I turned Wordfence back on.

    For anybody else that wants to restore Basic Auth to the admin area, here’s my workaround that seems to work:

    <FilesMatch "^(admin|dashboard|index|admin-header|admin-footer|edit|edit-tags|options-reading|site-new|user-new|users|sites|tools|post|upload|themes|post-new|widgets|nav-menus).php$">
    AuthName "WrodPress"
    AuthType Basic
    AuthUserFile /var/www/vhosts/
    Require valid-user

    For those who miss the significance, the password file is outside the
    AuthUserFile /var/www/vhosts/
    web hierarchy,
    AuthUserFile /var/www/vhosts/
    This is a second .htaccess file located in the wp-admin directory, the

    <files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all

    is located in the primary .htaccess in the web root

    I fixed it by adding this code after the normal password protection htaccess:

    <FilesMatch "admin-ajax.php">
      Satisfy Any
      Allow from all

    I like yours better, but I don’t think I need to change mine again. I imagine as time goes on, there will be another library needed.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘wp-admin htpasswd login field home page’ is closed to new replies.