WordPress.org

Support

Support » How-To and Troubleshooting » [Resolved] Wp-admin Password Protected Directory

[Resolved] Wp-admin Password Protected Directory

  • Mehdi
    Member

    @mahdinajafi1yahoocom

    Hello
    Yesterday I was hacked by some strangers. I’ve been advised to protect my ” wp-admin ” directory by usernames and passwords and I just did it. But there’s a problem. Not only my ” wp-admin” has been protected but also every single page and post of my website has been protected!
    It means when a person visits my website and click on a post to read, a form appears and wants them to fill the username and password. That’s not what I wanted. I just wanted the Cpanel to be protected not the public posts.

    You can check the problem here :
    http://canot.ir/?p=5069

    How can I solve this problem?

    The blog I need help with is canot.ir.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Hi Mehdi

    You are asked for the password on every post because this file is loaded from the wp-admin folder:

    http://canot.ir/wp-admin/admin-ajax.php

    I guess you have used htaccess to protect the folder, and then you can add a few more lines to let everyone load this file (making it unprotected/without password).

    You could try adding this to .htaccess in wp-admin:

    <Files admin-ajax.php>
    order allow,deny
    allow from all
    </Files>

    Good luck

    Mehdi
    Member

    @mahdinajafi1yahoocom

    Hi Sven D
    Thanks for your response.
    How can I add the above code to .htaccess I mean where should I add the code?
    I haven’t found anything like that.

    Let me reply as low tech as possible 😉

    If you can FTP to your servers (or get access via Control Panel) then try to open up for example NOTEPAD (windows program), copy and paste this in:

    <Files admin\-ajax\.php>
    order allow,deny
    allow from all
    </Files>

    And save as this file name: .htaccess

    Then transfer the file to you wp-admin and hopefully it will work (let your visitors read your posts without being asked for a username and password).

    If everything goes wrong, just delete the file same file you uploaded.

    If you feel unsure: contact your webhosts customer service 😉

    Good luck!

    Mehdi
    Member

    @mahdinajafi1yahoocom

    🙂 sorry, I’m not that professional.
    I just found the file named .htaccess. It was hidden. The file contains the following code:

    # BEGIN WordPress

    # END WordPress

    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    I added your code to the above, but it didn’t work 🙁

    This system file ( .htaccess ) is very “delicate” and may act difrently from server to server.

    Are you sure that the file you found is located in the wp-admin folder? If yes, then maybe you can try this:

    # BEGIN WordPress
    
    # END WordPress
    
    <Files 403.shtml>
     order allow,deny
     allow from all
    </Files>
    
    <Files "admin-ajax.php">
     order allow,deny
     allow from all
    </Files>
    Mehdi
    Member

    @mahdinajafi1yahoocom

    I’ve already tried that, it didn’t work.

    Try to ask you webhosts customer service 😉

    They might give you a hand

    Mehdi
    Member

    @mahdinajafi1yahoocom

    Thank you for your tips, Sven.

    Coolcash4live
    Participant

    @coolcash4live

    Helpful Sven.

    Thanks for this

    Mehdi
    Member

    @mahdinajafi1yahoocom

    Sven, You were almost there. This is the code:

    <Files admin-ajax.php>
        Order allow,deny
        Allow from all
        Satisfy any
    </Files>

    Thanks

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘[Resolved] Wp-admin Password Protected Directory’ is closed to new replies.