On the Internets you will find many posts that explain how to use a password protection on your back-end using a auth password.
There is a problem
But there is one big problem with that is it will break all your admin-ajax.php
and admin-post.php
requests.
In the WordPress Codex you will find a page that will explains how to implement AJAX. You’ll read that admin-ajax.php
lives in /wp-admin/
.
Using a password protection for this directory, you’re blocking access to that file which means that all AJAX requests will be broken.
There is a solution
You can correctly do this, but there is only one good way:
[pastacode lang=”markup” manual=”AuthType%20Basic%0AAuthName%20%22Protected%20page%22%0AAuthUserFile%20%2Fhome%2F.htpasswd%0A%0ARequire%20valid-user%0A%3CFiles%20admin-ajax.php%3E%0A%20%20Order%20allow%2Cdeny%0A%20%20Allow%20from%20all%0A%20%20Satisfy%20any%0A%3C%2FFiles%3E%0A%3CFiles%20admin-post.php%3E%0A%20%20Order%20allow%2Cdeny%0A%20%20Allow%20from%20all%0A%20%20Satisfy%20any%0A%3C%2FFiles%3E%0A%3CFiles%20%22%5C.(css%7Cgif%7Cpng%7Cjs)%24%22%3E%0A%20%20Order%20allow%2Cdeny%0A%20%20Allow%20from%20all%0A%20%20Satisfy%20any%0A%3C%2FFiles%3E” message=”” highlight=”” provider=”manual”/]
Doing that, you’ll block your/wp-admin
folder but NOT for theajax/post
and content files likejpg/css/js
. This, is the way to do it.
You can use htaccesstools.com to generate you .htpasswd
file then copy it in your server like in the example: /home/.htpasswd
.
Now, remember, that password protection is NOT the only way to protect your content and files. Our SecuPress plugin will easily help you to do that without having to touch any line of code.