Wp-admin Password Protected Directory

  • Resolved Mehdi

    (@mahdinajafi1yahoocom)


    12 years, 2 months ago

    Hello
    Yesterday I was hacked by some strangers. I’ve been advised to protect my ” wp-admin ” directory by usernames and passwords and I just did it. But there’s a problem. Not only my ” wp-admin” has been protected but also every single page and post of my website has been protected!
    It means when a person visits my website and click on a post to read, a form appears and wants them to fill the username and password. That’s not what I wanted. I just wanted the Cpanel to be protected not the public posts.

    You can check the problem here :
    https://canot.ir/?p=5069

    How can I solve this problem?

    The blog I need help with is canot.ir.

Viewing 11 replies - 1 through 11 (of 11 total)

  • Hi Mehdi

    You are asked for the password on every post because this file is loaded from the wp-admin folder:

    https://canot.ir/wp-admin/admin-ajax.php

    I guess you have used htaccess to protect the folder, and then you can add a few more lines to let everyone load this file (making it unprotected/without password).

    You could try adding this to .htaccess in wp-admin:

    <Files admin-ajax.php>
order allow,deny
allow from all
</Files>

    Good luck

    Thread Starter Mehdi

    (@mahdinajafi1yahoocom)

    Hi Sven D
    Thanks for your response.
    How can I add the above code to .htaccess I mean where should I add the code?
    I haven’t found anything like that.

    Let me reply as low tech as possible ??

    If you can FTP to your servers (or get access via Control Panel) then try to open up for example NOTEPAD (windows program), copy and paste this in:

    <Files admin\-ajax\.php>
order allow,deny
allow from all
</Files>

    And save as this file name: .htaccess

    Then transfer the file to you wp-admin and hopefully it will work (let your visitors read your posts without being asked for a username and password).

    If everything goes wrong, just delete the file same file you uploaded.

    If you feel unsure: contact your webhosts customer service ??

    Good luck!

    Thread Starter Mehdi

    (@mahdinajafi1yahoocom)

    ?? sorry, I’m not that professional.
    I just found the file named .htaccess. It was hidden. The file contains the following code:

    # BEGIN WordPress

    # END WordPress

    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    I added your code to the above, but it didn’t work ??

    This system file ( .htaccess ) is very “delicate” and may act difrently from server to server.

    Are you sure that the file you found is located in the wp-admin folder? If yes, then maybe you can try this:

    # BEGIN WordPress

# END WordPress

<Files 403.shtml>
 order allow,deny
 allow from all
</Files>

<Files "admin-ajax.php">
 order allow,deny
 allow from all
</Files>
    Thread Starter Mehdi

    (@mahdinajafi1yahoocom)

    I’ve already tried that, it didn’t work.

    Try to ask you webhosts customer service ??

    They might give you a hand

    Thread Starter Mehdi

    (@mahdinajafi1yahoocom)

    Thank you for your tips, Sven.

    Helpful Sven.

    Thanks for this

    Thread Starter Mehdi

    (@mahdinajafi1yahoocom)

    Sven, You were almost there. This is the code:

    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

    Thanks

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Wp-admin Password Protected Directory’ is closed to new replies.