Problems when htaccess protection wp admin
-
Hi,
I feel like I am going crazy. My .htaccess password protection worked before; now I made some changes (‘hardening wordpress’ by tutorials on your site an installing wordfence). Now for finishing this I tried to set htaccess von wp admin. The problem is: Everytime I add code to .htaccess my /wp-admin/ path starts to direct me to http://*.*/wp-login.php?redirect_to=http%3A%**%2Fwp-admin%2F&reauth=1. On this page i get my templates ‘nothing found’ page shown.
I am using this htaccess:# Block the include-only files. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule> #WFIPBLOCKS - Do not remove this line. Disable Web Caching in Wordfence to remove this data. Order Deny,Allow #Do not remove this line. Disable Web Caching in Wordfence to remove this data - WFIPBLOCKS #WFCACHECODE - Do not remove this line. Disable Web Caching in Wordfence to remove this data. <IfModule mod_deflate.c> AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json <IfModule mod_headers.c> Header append Vary User-Agent env=!dont-vary </IfModule> <IfModule mod_mime.c> AddOutputFilter DEFLATE js css htm html xml </IfModule> </IfModule> <IfModule mod_mime.c> AddType text/html .html_gzip AddEncoding gzip .html_gzip AddType text/xml .xml_gzip AddEncoding gzip .xml_gzip </IfModule> <IfModule mod_setenvif.c> SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip SetEnvIfNoCase Request_URI \.xml_gzip$ no-gzip </IfModule> <IfModule mod_headers.c> Header set Vary "Accept-Encoding, Cookie" </IfModule> <IfModule mod_rewrite.c> #Prevents garbled chars in cached files if there is no default charset. AddDefaultCharset utf-8 #Cache rules: RewriteEngine On RewriteBase / RewriteCond %{HTTPS} on RewriteRule .* - [E=WRDFNC_HTTPS:_https] RewriteCond %{HTTP:Accept-Encoding} gzip RewriteRule .* - [E=WRDFNC_ENC:_gzip] RewriteCond %{REQUEST_METHOD} !=POST RewriteCond %{HTTPS} off RewriteCond %{QUERY_STRING} ^(?:\d+=\d+)?$ RewriteCond %{REQUEST_URI} (?:\/|\.html)$ [NC] RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher) [NC] RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ RewriteCond "%{DOCUMENT_ROOT}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L] </IfModule> #Do not remove this line. Disable Web caching in Wordfence to remove this data - WFCACHECODE # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress # Wordfence WAF <IfModule lsapi_module> php_value auto_prepend_file '/home/.../public_html/.../wordfence-waf.php' </IfModule> <Files ".user.ini"> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files> # END Wordfence WAF# Auth protect wp-login.php
<Files wp-login.php>
AuthType Basic
AuthName “Restricted Area”
AuthUserFile /home/…/public_html/…/.htpasswd <– its correct
Require valid-user
</Files>
# Deny access to important files
<FilesMatch “(\.htaccess|\.htpasswd)”>
Require all denied
</FilesMatch>`Anyone any idea???? THANK YOU VERY VERY MUCH!
To add password protection I use this
The topic ‘Problems when htaccess protection wp admin’ is closed to new replies.