Hi again,
I still have this problem. Because I deactivated all other plugins and the problem persists, my conclusion is that it’s an bbPress issue.
So, my question goes to someone from bbPress: do authenticated forum visitors (participants) need access to /wp-admin directory in order to browse topics and posts?
Thank you for any answer.
P.S. I deactivated all plugins except for bbpress. No change.
@xmasons Thank you.
I added it at the end of functions.php (infocus-buddypress theme). Unfortunately no change.
But now I know that it is something in wp-login.php; although wp-login is not in the /wp-admin folder, when I press the ‘Log in’ button (without even typing something in the username or password fields) immediately is asking for the /wp-admin password set in the .htaccess.
I use the bbPress Login widget on the forum’s left sidebar.
edit: I tried to remove all the widgets, unsuccessfully (because I noticed the “Lost Password” link refers to /wp-admin).
@xmasons If I knew how to do this.. 😀
Yes, sure
`
AuthType Basic
AuthName “wp-admin”
require valid-user
AuthUserFile “/home/vssracin/.htpasswds/public_html/vssracing/wp-admin/passwd”
Files “admin-ajax.php”>
Satisfy any
Order allow,deny
Allow from all
/Files>
`
Update to update: the problem is not fixed. Mea culpa.
Does anyone have a solution to this?
UPDATE:
I’ve added this to .htaccess and apparently the problem is gone, for now:
<Files "admin-ajax.php"
Satisfy any
Order allow,deny
Allow from all
</Files
I found it here: https://wordpress.org/support/topic/plugin-ajax-event-calendar-aec-htaccess-and-admin-ajaxphp?replies=2
@mzaweb Thank you Daniel, but I don’t meet the requirements listed at the beginning, to understand the “AJAX_in_Plugins” :=) (I have read it anyway, why not?).
Isn’t there any other simpler way to make an exception, as adding an “exception” line in .htaccess, or something like this?
I thought that’s a common problem with a common solution as bbpress has been around for a while and protecting /wp-admin isn’t new either.
Thanks.
