Blocking wp-login in HTACCESS has also blocked password protected pages

Unfortunately a Password Protected post uses the wp-login.php file to process the password authentication for a post. So your Apache snippet of blocking all but those specific IPs is going to apply to anything that is password protected as well.

You can get nerdy and read code. In here you can see that Post Password form’s action is set to run that data through wp-login.php?action=postpass

So that is the bad news, BUT:

I wonder if trying to open that up so that your other files in WP can access those files? (I am just purely guessing at this point)

# Block access to wp-login.php.
<Files wp-login.php>
order deny,allow
allow from 192...(ip)
allow from 192...(ip)
allow from localhost
allow from 127.0.0.1
deny from all

I hope that helps or gives you some insight!

Related Posts:

  1. Improve wordpress security by hiding non public resources
  2. Does this .htaccess security setting really work?
  3. File and directory permissions
  4. Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
  5. WordPress URL/Folder ReWrite using Htaccess
  6. Which WordPress scripts need to be executable for a fresh installation?
  7. Blocking access to wp-login via htaccess not working
  8. Attach to wp-login.php and xmlrpc.php
  9. XMLRPC filtering through htaccess not working
  10. Restricting user login by IP address
  11. .htaccess password protect all but one page
  12. WordPress: Adding Security
  13. How do I test to ensure that my wp-config file is protected?
  14. WordPress not seeing .htaccess rules
  15. Rules in .htaccess only if the requested URL is /wp-admin
  16. Disable directory browsing of uploads folder
  17. Strange behaviour of is_user_logged_in() and get_current_user_id()
  18. Selectively Disabling PHP via .htaccess in Root Directory
  19. Should I prevent access to .htaccess and wp-config.php files?
  20. Basic Auth .htaccess on wp-login, but allow logout from woocommerce
  21. Using htaccess to prevent spam through wp-comments-post.php
  22. How can I create a private site that is inaccessible from the outside?
  23. Restrict Content for only Contributors via .htaccess
  24. Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
  25. My WP site and password was hacked, what to do? [closed]
  26. Security headers disappear on WordPress pages
  27. Why is this line of code Wrong in every WordPress .Htaccess security article?
  28. How to redirect all HTTP requests to HTTPS
  29. Best collection of code for your .htaccess file [closed]
  30. Default .htaccess file for WordPress?
  31. Where to securely store API keys and passwords in WordPress?
  32. Which one does WordPress prioritize when it comes to php.ini, wp-config and .htaccess?
  33. Why are passwords exportable as plain text in WordPress?
  34. Security and .htaccess
  35. Enforcing password complexity
  36. WordPress site hacked. Has .htaccess been hacked?
  37. multi page password protection
  38. htaccess problem after saving Settings
  39. Protecting direct access to PDF and ZIP unless user logged in (without plugin)
  40. Stop WordPress and Plugins from Overwriting .htaccess
  41. How is password strength calculated?
  42. Change Login URL Without Plugin
  43. htaccess disable WordPress rewrite rules for folder and its contents
  44. htaccess rewrite conflict with wordpress rules and ssl
  45. htaccess https redirect from www to non-www
  46. What does a security risk in a plugin look like?
  47. Htaccess for Wordpess set on single subdomain
  48. Securing wp-admin folder – Purpose? Importance?
  49. adding rewrite rules in .htaccess
  50. .htaccess and 500 error, extra character added
  51. Name-based virtual host configuration in Apache seems to cause a “500 Internal Server Error”
  52. Place static HTML files in path below WordPress page
  53. Make password invalid once logged out of password-protected page
  54. Static raw HTML page
  55. WordPress + Magento .htaccess ReWriteRule Issue (www vs. non-www)
  56. Plugin to edit htaccess file
  57. Setting WP Admin passwords to expire
  58. htaccess rewrite for author query string when WP is in subfolder
  59. Why “Settings->Permalinks” creates .htaccess file on nginx server?
  60. .htaccess for wordpress inside another wordpress install
  61. .htaccess file redirecting to parent directory
  62. Blog.php or how to display recent posts?
  63. Options for restricting access to wp-admin
  64. Rewrite /?rest_route=/ link to /wp-json/ without changing default permalink structure in apache
  65. Globally force SSL on all pages
  66. Serve apache 404 for missing assets rather then wp 404 template WP_Rewrites
  67. Isolating WordPress to a subfolder
  68. Remove year and month in URL using .htaccess
  69. index.php not loading in main folder of wordpress
  70. Admin-Ajax.php, SSL, Non-SSL
  71. How to Block Access to Standard Login Flow and Comment Flow
  72. How disable SSL redirect for specific URL?
  73. WordPress site displaying 404 for any page apart from index
  74. Which ways can be used to log in to WordPress?
  75. Why does the header set X-Robots-Tag apply to all pages?
  76. Permalinks not working on second wordpress installed in a subdirect
  77. How to avoid wordpress permalink rules to inherit in a sub-folder
  78. How to change “wp-admin” to something else without search-replacing the core?
  79. Error:406 not acceptable
  80. Unable to access WP admin
  81. .htaccess Rewrite URL WordPress
  82. Move wordpress to folder without changing urls
  83. Rewrite rule not working
  84. Can’t reset WordPress password
  85. A plugin changes my .htaccess file and I can’t access httpd.conf as that’s a shared server
  86. Cant block wordpress readme files
  87. Change wp-content without changing the name of the folder
  88. 404/500 error on /wp-json
  89. WordPress keeps deleting .htaccess file
  90. Correct htaccess to display page while also passing in GET parameters
  91. What is the role of .htaccess file in WordPress?
  92. Is the “lost password” feature truly a vulnerability?
  93. Using WordPress only for the backend, and using AngularJS as a frontend
  94. Temporary .htaccess blocking is disabling WP Crons from running?
  95. Block access to wp-admin
  96. How to restrict access to wp-content, wp-includes and all sub-folders
  97. Two domains on one WordPress Installation
  98. .htaccess redirects disappeared after re-saving permalinks
  99. Protect Upload Folder Files With Ampersand Problem
  100. How have I misconfigured basic auth for my wordpress site?
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)