#1 WordPress forum plugin created by gVectors Team

wpForo – WordPress Forum Plugin
  • Home
  • Forum
  • Migrate to wpForo
  • Addons
  • Addons Demo
  • Documentation

Forum

Home | Forum

wpDiscuz - WordPress Comment Plugin
  • Forums
  • Members
  • Recent Posts
Forums
Main Support Forums
How-to and Troubles...
WpForo not working ...
 
Share:
Share
Tweet
Share
Notifications
Clear all

WpForo not working when auth protected wp-admin folder

    Last Post
RSS

bba01
Posts: 17
 bba01
Topic starter
September 10, 2019 8:09 pm
(@bba01)
Active Member
Joined: 5 years ago

Hi!

When I password protect my wp-admin folder with auth (all allowed for wp-admin ajax) I run into trouble.

 

What happens: What happens is that a forum that is shown for everybody (guests) is working but when the users try to enter a forum that's only visible for certain user roles they a required to enter the directory password even though they have access to the forum part with the user role they have.

 

What I expect: Everyone, no one, no matter which user roles they have and which part of the forum they are visiting, should be requested to enter the directory password for wp-admin.

 

How do I solve this as this is an important part of the Wordpress security?

 

With best regards,

 

bb

5 Replies
Anonymous20
Posts: 1602
 Anonymous20
September 10, 2019 9:24 pm
(@anonymous20)
Noble Member
Joined: 6 years ago

"this is an important part of the Wordpress security". Of cource Not. Password protecting anything, doesn't offer any security. It only complicates things. Same with "security by obscurity", hiding things like login and register etc etc.

There are plently of security plugins that protect your Wordpress that work seemlessly with all plugins.

 

Reply
2 Replies
bba01
 bba01
(@bba01)
Joined: 5 years ago

Active Member
Posts: 17
September 11, 2019 2:59 pm
Reply toAnonymous20Anonymous20

@anonymous20, please consider being more humble in your responses.

 

I didn't ask about your opinion on my security. I asked what to do when using folder password on wp-admin with wpforo.

 

With best regards,

 

bb

 

Reply
Anonymous20
 Anonymous20
(@anonymous20)
Joined: 6 years ago

Noble Member
Posts: 1602
September 11, 2019 3:06 pm
Reply tobba01bba01
Anonymous20
Posted by: @bba01

@anonymous20, please consider being more humble in your responses.

 

I didn't ask about your opinion on my security. I asked what to do when using folder password on wp-admin with wpforo.

 

No problem. Good luck.

Reply
Sofy
Posts: 4057
Sofy - Facebook Sofy - Twitter
 Sofy
Admin
September 12, 2019 11:12 am
(@sofy)
Support Team
Joined: 4 years ago

Hi @bba01,

Thank you for contacting us.

To tell the truth, this is the first time I've faced with such a question. wpForo doesn't have relation to the WordPress protection system. wpForo uses the WordPress native ajax requests system, which uses /wp-admin/admin-ajax.php file

Please check out the following article by WordPress team. Here you'll find information on how to make your WordPress login system more protected without breaking ajax functionality. 

This is a quote from the article, which explains why it's not recommended password protecting wp-admin:

Password protecting your wp-login.php file (and wp-admin folder) can add an extra layer to your server. Because password protecting wp-admin can break any plugin that uses ajax on the front end, it’s usually sufficient to just protect wp-login.php.

The whole article can be found here: 

https://wordpress.org/support/article/brute-force-attacks/#password-protect-wp-login-php

In this support topic, you'll find a solution on how to password protect all /wp-admin/ folder and at the same time exclude /wp-admin/admin-ajax.php file.

https://wordpress.org/support/topic/how-safe-is-to-allow-access-to-admin-ajax-php/

The solutions are not checked by our team, but we hope it'll be helpful for you. If those solutions don't satisfy you, please contact the WordPress support team to get more correct solutions to solve this issue. 

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

Reply
bba01
Posts: 17
 bba01
Topic starter
September 18, 2019 5:51 pm
(@bba01)
Active Member
Joined: 5 years ago

Hi @sofy and thanks for answering!

In my setup I've already allowed admin-ajax.php to be accessed by anyone but I still have the same problem. Are you sure wpforo doesn't use anything else from wp-admin when accessing a forum that only allows a certain forum user role?

One fix is of course to only protect the wp-login.php with an extra layer of security using auth but somehow it feels better to have the whole directory password protected...

With best regards,

 

bb

Reply
  All forum topics
  Previous Topic
Next Topic  

Forum Search

Join Us!

Download wpForo plugin
on WordPress.org

wpForo Addons

wpforo-private-messages wpforo-advanced-attachments-128x128 wpforo-embeds-128x128 wpForo User Custom Fields addon wpForo – Blog Cross Posting addon wpForo Ads Manager wpForo – WooCommerce Memberships Integration wpForo Emoticons wpForo – Tenor GIFs Integration
View all Addons »

Recent Topics

  • Set password link opens forum login page instead of set password page

    By JanJan, 19 mins ago

  • User banned for using icons?

    By JanJan, 41 mins ago

  • Font Awesome Icons

    By seancallahan, 2 days ago

  • Notification bell order

    By teepeenomad, 3 days ago

  • Not İndexing

    By selinahub, 3 days ago

  • H1 to H6 title tags : remove

    By venus, 4 days ago

Topic Tags

  • css52
  • translation50
  • plugin conflict48
  • seo47
  • new features45
  • buddypress43
  • avatar41
  • moderation40
  • ultimate member40
  • login40
  • forum40
  • registration37
  • threaded layout35
  • cache34
  • editor33
  • menu33
  • shortcode32
  • spam31
  • forum accesses30
  • widget29
View all tags (2188)

Recent Posts

  • RE: Set password link opens forum login page instead of set password page

    Which other information to you require to check this? I...

    By JanJan, 8 mins ago

  • User banned for using icons?

    Hi, One of our legitimate forum users got banned. He ...

    By JanJan, 41 mins ago

  • Font Awesome Icons

    To start, I do not have any caching setup on the site o...

    By seancallahan, 2 days ago

  • RE: Is there a way to add safety features?

    @chris Is there a way for me to install 2.0 on my site ...

    By seancallahan, 2 days ago

  • RE:

    By Anonymous, 53 years ago

  • RE: Notification bell order

    @tutrix Brilliant, thank you for this! Although, it ...

    By teepeenomad, 2 days ago

  • RE: wpForo 2.0.0.1 beta version is released for beta testers!

    Added, thank you.

    By Robert, 3 days ago

Share:
Share
Tweet
Share
  Forum Statistics
21 Forums
9,929 Topics
50.2 K Posts
7 Online
47.8 K Members

Latest Post: Set password link opens forum login page instead of set password page Our newest member: Janetross Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

Powered by wpForo | Copyright © 2016-2022 gVectors Team
Copyright Registration Service - Click here for more information or to register work
wpForo is Registered with the IP Rights Office
Copyright Registration Service

Ref: 4477265538
  • Home
  • Forum
  • Migrate to wpForo
  • Addons
  • Addons Demo
  • Documentation