If you password protect your WordPress Admin directory, Ajax functionality in front-end or plugins will not work correctly.
Please follow instruction below to fix that issue:
Open the .htaccess file located in your /wp-admin/ folder (This is NOT the main .htaccess file that we edited above).
In the wp-admin .htaccess file, paste the following code:
1
2
3
4
5
|
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
|
To password protect wp-login.php page:
Edit file /usr/local/apache/conf/includes/pre_virtualhost_global.conf
Add this line:
Include "/usr/local/apache/conf/includes/wordpressprotect.conf"
wordpressprotect.conf:
<LocationMatch "wp-login.php"> AuthType basic AuthName "WordPress protection. To continue, enter Username: wp8 Password: 24" AuthUserFile /home/wp-admin-attack-htpasswd-file Require valid-user </LocationMatch> ErrorDocument 401 "Authentication required. To continue, enter Username: wp8 Password: 24"
wp-login.sh: auto generate username & password
echo "Generating random username (6 alphanumeric characters)..." username=`cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 6 | head -n 1`
echo "Generating two random numbers for math..." n=$RANDOM n1=$((RANDOM%20+10)) n2=$((RANDOM%9+1)) result=$(($n1 + $n2))
username="wp$n2"
echo "Creating and saving configuration file..."
CONFFILE="\n <LocationMatch \"wp-login.php\">\n AuthType basic\n AuthName \"WordPress protection. To continue, enter Username: $username Password: $n1\"\n AuthUserFile /home/wp-admin-attack-htpasswd-file\n Require valid-user\n </LocationMatch>\n ErrorDocument 401 \"Authentication required. To continue, enter Username: $username Password: $n1\"\n \n"
echo -e $CONFFILE > /usr/local/apache/conf/includes/wordpressprotect.conf /bin/chmod 0755 /usr/local/apache/conf/includes/wordpressprotect.conf /bin/rm -f /home/wp-admin-attack-htpasswd-file /usr/bin/htpasswd -bc /home/wp-admin-attack-htpasswd-file $username $n1 /bin/chmod 0755 /home/wp-admin-attack-htpasswd-file
echo "Restarting Apache (and nginx if exists)..." /etc/init.d/httpd restart echo "All done!"
Add cron job:
15 1 * * * /script/wp-login.sh
|