I'm running a WP+WOO site for a client and thought that a simple way to secure the admin login area would be to password protect it. The problem is that sometimes (especially on WooCommerce pages) there's one or two files that get called from /wp-admin and this triggers the login popup. I've googled a lot on how to do this with htaccess but I couldn't find anything, and the closes thing I found is 10 years old and is not working for me.

Any ideas on how to achieve this?

I'm running a WP+WOO site for a client and thought that a simple way to secure the admin login area would be to password protect it. The problem is that sometimes (especially on WooCommerce pages) there's one or two files that get called from /wp-admin and this triggers the login popup. I've googled a lot on how to do this with htaccess but I couldn't find anything, and the closes thing I found is 10 years old and is not working for me.

Any ideas on how to achieve this?

• htaccess

Share Improve this question asked Jul 18, 2020 at 23:24 JayJay 1111 silver badge55 bronze badges 2

• 1 Questions about WordPress are out of scope here at Super User – Ramhound Commented Jul 18, 2020 at 23:37
• You mean /wp-admin/admin-ajax.php ? Yes, that was used for AJAX requests before the new REST API, and it looks like WooCommerce does still use it, yes. Can you make an exception for that in your authentication config? Is there anything else it tries to request? – Rup Commented Jul 19, 2020 at 0:54

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 2

As far as I know, the few files that you are talking about are always going to be the same, that means you can add exceptions to your .htaccess and "let them go through the cracks".

With an example of code from what you wrote so far may help us direct you on how to proceed to do this.

Here is an example of how this is generally done although that uses old code (Allow/Deny) which I don't recommend. It shows you how to change the Deny into an Allow using the <FilesMatch> tag.