On the Internets you will find many posts that explain how to use a password protection on your back-end using a auth password. There is a problem But there is one big problem with that is it will break all your admin-ajax.php and admin-post.php requests. In the WordPress Codex you will find a page that will explains how to implement AJAX. You’ll read that admin-ajax.php lives in /wp-admin/. Using a password protection for this directory, you’re blocking access to that file which means that all AJAX requests will be broken. There is a solution You can correctly do this, but there is only one good way: AuthType Basic AuthName "Protected page" AuthUserFile /home/.htpasswd Require valid-user <Files admin-ajax.php> Order allow,deny Allow from all Satisfy any </Files> <Files admin-post.php> Order allow,deny Allow from all Satisfy any </Files> <Files "\.(css|gif|png|js)$"> Order allow,deny Allow from all Satisfy any </Files> Doing that, you’ll block your/wp-admin folder but NOT for theajax/post and content files likejpg/css/js. This, is the way to do it. You can use htaccesstools.com to generate you
Share This