5

I want to allow only my IP address to access wp-admin but at the same time don't want the calls to admin-ajax.php be blocked. So I want to whitelist admin-ajax.php. Does the following code in .htaccess (placed in wp-admin directory) achieve these objectives:

#Protect wp-admin  
AuthUserFile /dev/null  
AuthGroupFile /dev/null  
AuthName "WordPress Admin Access Control"  
AuthType Basic  
<LIMIT GET>  
  order deny,allow  
  deny from all  
  allow from <my IP address>  
</LIMIT>  

#Allow access to wp-admin/admin-ajax.php  
<Files admin-ajax.php>  
  Order allow,deny  
  Allow from all  
  Satisfy any  
</Files>
Improve this question
3
  • What version of Apache are you using? Why the HTTP Basic Authentication directives? Are you having to override a parent config? Commented Jan 17, 2022 at 10:30
  • Sorry, my knowledge of these things is very limited. I am trying to create my own website and have done it is as per this: wpbeginner.com/wp-tutorials/… Commented Jan 17, 2022 at 11:58
  • I did some tests. The above script seems to be working correctly. It is blocking wp-admin access except for the allowed IP, while at the same time allowing access to admin-ajax.php for everyone. If anyone has any improvisations, please suggest. Commented Jan 19, 2022 at 8:48

2 Answers 2

Reset to default
1

You can tidy this up:

  • You need to put quotes (double or single) around your file name
  • You don't need to have "order allow, deny" since you are allowing all 1 line below.

Like this is fine:

<Files "admin-ajax.php">
Allow from all
Satisfy Any

</Files>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Create file .htaccess in /path/to/wordpress/wp-admin with this content and you should be good to go.

# Enable basic authentication
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /path/to/secure/folder/.htpasswd
Require valid-user

# Allow access to admin-ajax.php without authentication
SetEnvIf Request_URI "^/wp-admin/admin-ajax\.php$" allow_ajax
Order allow,deny
Allow from env=allow_ajax
Satisfy any
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.