Serious problem with wp-admin Apache protection

  • Resolved enricolino

    (@enricolino)


    6 years, 9 months ago

    Dear Sir/Madan,

    I just discovered a “bug” of this great plugin (thanks a lot for it, it works greatly!). I use to protect my wp-admin folder using Apachi htaccess and, as I realized today, this interferes with GDPR cookie compliance. After setting the plugin, everything seems to work fine, but, if you visit the website and accept cookies, all of a sudden you get the authentication window popping up. This makes me suppose that your plugin calls somehow the administration area?! Could you please help me to solve this issue? It would be good for better security reasons. Looking forward to hearing from you at your earliest convenience…..

    Best regards

    Enrico

    P.S. At the moment I disabled the htaccess protection and just protected the wp-admin folder with 600 permissions.

    • This topic was modified 6 years, 9 months ago by enricolino.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • MA

    (@gasparnemes)

    Hi There,

    Thanks for your comments.

    Unfortunately this issue is not related to the plugin, our plugin injects the scripts defined in the CMS using AJAX, and the default WordPress ajax-url is:
    https://yourdomain.com/wp-admin/admin-ajax.php and this is under wp-admin url!
    It’s not a best practice to protect the whole wp-admin directory with password as your Ajax scripts were blocked.
    You should whitelist the admin-ajax.php in your .htaccess file, or to apply the HTTP protection for the wp-login.php only.
    Read more about the issue here:
    https://www.wpwhitesecurity.com/wordpress-security-hacks/securing-wordpress-wp-admin-htaccess/

    I hope this makes sense to you.

    Thread Starter enricolino

    (@enricolino)

    Hello there Gaspar,

    thanks a lot for the tip. Following the instructions of the link you sent, I managed to fix the problem allowing front-end ajax functionality. Everything seems to be fine now….

    Thanks again

    Cheers

    Enrico

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Serious problem with wp-admin Apache protection’ is closed to new replies.