Protect wp-admin while whitelisting admin-ajax.php


I want to allow only my IP address to access wp-admin, but at the same time I don't want calls to admin-ajax.php to be blocked, so I want to whitelist admin-ajax.php. Does the following code in .htaccess (placed in the wp-admin directory) achieve these objectives?

#Protect wp-admin  
AuthUserFile /dev/null  
AuthGroupFile /dev/null  
AuthName "WordPress Admin Access Control"  
AuthType Basic  
<LIMIT GET>  
  order deny,allow  
  deny from all  
  allow from <my IP address>  
</LIMIT>  

#Allow access to wp-admin/admin-ajax.php  
<Files admin-ajax.php>  
  Order allow,deny  
  Allow from all  
  Satisfy any  
</Files>  

There are 2 answers

0
Silicon Dales On

You can tidy this up:

  • You need to put quotes (double or single) around your file name
  • You don't need to have "order allow, deny" since you are allowing all 1 line below.

Like this is fine:

<Files "admin-ajax.php">
  Allow from all
  Satisfy Any
</Files>
0
Janiis On

Create file .htaccess in /path/to/wordpress/wp-admin with this content and you should be good to go.

# Enable basic authentication
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /path/to/secure/folder/.htpasswd
Require valid-user

# Allow access to admin-ajax.php without authentication
SetEnvIf Request_URI "^/wp-admin/admin-ajax\.php$" allow_ajax
Order allow,deny
Allow from env=allow_ajax
Satisfy any
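
An added example, not taken from either answer: the question's goal (one allowed IP for wp-admin, admin-ajax.php open to everyone) written for both Apache 2.4 and 2.2, without a `<Limit GET>` wrapper so that the restriction covers every HTTP method rather than only GET. The address 203.0.113.10 is a placeholder, and the file is assumed to be wp-admin/.htaccess with AllowOverride permitting AuthConfig and Limit.

```apache
# wp-admin/.htaccess (added example; 203.0.113.10 is a placeholder address)

<IfModule mod_authz_core.c>
    # Apache 2.4: authorization is expressed with Require.
    # No <Limit> wrapper, so this applies to GET, POST and all other methods.
    Require ip 203.0.113.10

    # admin-ajax.php is requested by front-end visitors, so exempt it.
    # With the default AuthMerging Off, this section replaces the
    # directory-level Require for this one file.
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2: host-based access control with Order/Allow/Deny.
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10

    # Exempt admin-ajax.php from the IP restriction.
    <Files "admin-ajax.php">
        Order allow,deny
        Allow from all
    </Files>
</IfModule>
```

After deploying, request a wp-admin page and wp-admin/admin-ajax.php from an address outside the allow list, using both GET and POST, and confirm that only admin-ajax.php is served.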