.htaccess on wp-admin causes login dialog viewing photos

The wp-ajax file is also required if ‘Ajax is on’ (Table IV-A1)

I looked at that entry (table IV-A1) and it is not checked. Any other suggestions?

–Bill

In case it helps I have put the current version of WPPA on the site so you can see what’s happening. (this site isn’t that critical so I don’t mind if its busted for a couple of days ?? )

The site is https://www.billthompson.us

Just bring up the photo albums from the main menu, pick an album, click on a thumbnail to enlarge a photo and you’ll get the login box.

–Bill

I am not so familiar with .htaccess but if you show me the content and the exact location it resides, i might have a clue…

It is a small file residing in the wp-admin folder that is used to password protect access to the folder. It makes it more difficult for an unauthorized user to get into wp-admin, the wordpress admin login itself is not really tight security. With this file, any time I want to get into WordPress to do maintenance I have a login box which has a different name and password from the regular WordPress login.

The file looks like this:
—-
AuthName “Member’s Area Name”
AuthUserFile /path/to/password/file/.htpasswd
AuthType Basic
require valid-user
—-
Obviously the info in the file is replaced with real info.

Here’s a nice tutorial I found:

https://www.htaccess-guide.com/password-protection/

My WordPress security plugin detects if there is not an .htaccess file for the wp-admin folder and highly recommends creating one for extra security.

I think what is happening is that WPPA wants access to that folder for some reason when it displays a full-size photo and because its protected by .htaccess it generates a dialog box.

Again, this didn’t happen on v 5.0.16, it seemed to start somewhere around 5.1.1 or so (not exactly sure of the exact version.

I can always just revert to 5.0.16 and make the problem go away but I really like to stay current.

Can you think of anything that changed after 5.0.16 to require access to wp-admin that wasn’t there earlier?

–Bill

Got it!

Since version 5.1.0 the number of views is registered. As soon as a fullsize image is opened the viewcount is bumped ( only one time per session ) via an ajax call. See function _bumpViewCount(photo) in wppa.js

a. It seems to be possible to exclude the wp-ajax.php from the password question, pls do not ask me how…
b. Do you want it switch-offable?
c. I will investigate an ajax method not requiring an admin file, this will take a few weeks, however. Preferrably wait until this…

Sure, no hurry at all on this. I’ll just revert to 5.0.16 for a bit, I imagine you’re quite busy and this is not an emergency.

Thanks for the wonderful support for a wonderful plugin!

–Bill

There is a pre-release of 5.1.17 available here.

It needs manual installation ( download, unzip, ftp, VISIT SETTINGS PAGE! ( and do nothing ) ) that should do it.

Please test it before i will release it.

I did a quick test this morning and the problem appears to be fixed! Thanks so much, nice work. Microsoft doesn’t give us this kind of support ??

Note: I didn’t do extensive testing on WPPA, I’m not using many of its features, so hopefully nothing else got affected but everything I looked at works fine.

–Bill

Nobody can test everything, even i can’t, but now we know my statement that you can protect wp-admin ( for as far as wppa+ is involved ) holds.

Thanx for testing.