Knowledgebase
Password protect WordPress Admin directory broken admin-ajax
Posted by Premium Reseller on 25 October 2018 08:24 AM

If you password protect your WordPress Admin directory, Ajax functionality in front-end or plugins will not work correctly.

Please follow instruction below to fix that issue:

Open the .htaccess file located in your /wp-admin/ folder (This is NOT the main .htaccess file that we edited above).

In the wp-admin .htaccess file, paste the following code:

1
2
3
4
5
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

 

To password protect wp-login.php page:

Edit file /usr/local/apache/conf/includes/pre_virtualhost_global.conf

Add this line:

Include "/usr/local/apache/conf/includes/wordpressprotect.conf"

wordpressprotect.conf:

<LocationMatch "wp-login.php">
 AuthType basic
 AuthName "WordPress protection. To continue, enter Username: wp8 Password: 24"
 AuthUserFile /home/wp-admin-attack-htpasswd-file
 Require valid-user
 </LocationMatch>
 ErrorDocument 401 "Authentication required. To continue, enter Username: wp8 Password: 24"

wp-login.sh: auto generate username & password

echo "Generating random username (6 alphanumeric characters)..."
username=`cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 6 | head -n 1`

echo "Generating two random numbers for math..."
n=$RANDOM
n1=$((RANDOM%20+10))
n2=$((RANDOM%9+1))
result=$(($n1 + $n2))

username="wp$n2"

echo "Creating and saving configuration file..."

CONFFILE="\n
<LocationMatch \"wp-login.php\">\n
AuthType basic\n
AuthName \"WordPress protection. To continue, enter Username: $username Password: $n1\"\n
AuthUserFile /home/wp-admin-attack-htpasswd-file\n
Require valid-user\n
</LocationMatch>\n
ErrorDocument 401 \"Authentication required. To continue, enter Username: $username Password: $n1\"\n
\n"


echo -e $CONFFILE > /usr/local/apache/conf/includes/wordpressprotect.conf
/bin/chmod 0755 /usr/local/apache/conf/includes/wordpressprotect.conf
/bin/rm -f /home/wp-admin-attack-htpasswd-file
/usr/bin/htpasswd -bc /home/wp-admin-attack-htpasswd-file $username $n1
/bin/chmod 0755 /home/wp-admin-attack-htpasswd-file

echo "Restarting Apache (and nginx if exists)..."
/etc/init.d/httpd restart
echo "All done!"

Add cron job:

15 1 * * * /script/wp-login.sh

(1 vote(s))
This article was helpful
This article was not helpful

Comments (0)