Yes, Wordfence requires access to admin-ajax.php, and some other plugins do as well.
If you blocked access to wp-admin in your .htaccess file, you can use code similar to this to still allow admin-ajax.php to be accessed:
Blocking wp-admin
Use only the bottom portion — it may also need adjustment, depending on how you blocked wp-admin.
-Matt R
AuthUserFile /path/to/your/htpasswd================
if it’s in the same folder like (wp-admin), can i just put “wp-admin”
AuthName “Restricted Resource” – what does it mean?
Last question. If didn’t put the pass in wp-admin – so wordfense doesn’t secure it?
Since you are already blocking wp-admin by some method, you would only need the bottom portion, to unblock admin-ajax.php:
# This is the whitelisting of the ajax handler
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
AuthName is just the prompt that appears to a visitor in the password box, so if you’re blocking using some other code, that won’t be needed.
Blocking wp-admin with .htaccess is not necessary with the way that Wordfence works, but some people like to do it as an added layer of security.
-Matt R
