Unfortunately a Password Protected post uses the wp-login.php file to process the password authentication for a post. So your Apache snippet of blocking all but those specific IPs is going to apply to anything that is password protected as well.
You can get nerdy and read code. In here you can see that Post Password form’s action is set to run that data through wp-login.php?action=postpass
So that is the bad news, BUT:
I wonder if trying to open that up so that your other files in WP can access those files? (I am just purely guessing at this point)
# Block access to wp-login.php.
<Files wp-login.php>
order deny,allow
allow from 192...(ip)
allow from 192...(ip)
allow from localhost
allow from 127.0.0.1
deny from all
I hope that helps or gives you some insight!
Related Posts:
- Improve wordpress security by hiding non public resources
- Does this .htaccess security setting really work?
- File and directory permissions
- Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
- WordPress URL/Folder ReWrite using Htaccess
- Which WordPress scripts need to be executable for a fresh installation?
- Blocking access to wp-login via htaccess not working
- Attach to wp-login.php and xmlrpc.php
- XMLRPC filtering through htaccess not working
- Restricting user login by IP address
- .htaccess password protect all but one page
- WordPress: Adding Security
- How do I test to ensure that my wp-config file is protected?
- WordPress not seeing .htaccess rules
- Rules in .htaccess only if the requested URL is /wp-admin
- Disable directory browsing of uploads folder
- Strange behaviour of is_user_logged_in() and get_current_user_id()
- Selectively Disabling PHP via .htaccess in Root Directory
- Should I prevent access to .htaccess and wp-config.php files?
- Basic Auth .htaccess on wp-login, but allow logout from woocommerce
- Using htaccess to prevent spam through wp-comments-post.php
- How can I create a private site that is inaccessible from the outside?
- Restrict Content for only Contributors via .htaccess
- Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
- My WP site and password was hacked, what to do? [closed]
- Why is this line of code Wrong in every WordPress .Htaccess security article?
- Protecting direct access to PDF and ZIP unless user logged in (without plugin)
- WordPress + Magento .htaccess ReWriteRule Issue (www vs. non-www)
- Admin-Ajax.php, SSL, Non-SSL
- How to Block Access to Standard Login Flow and Comment Flow
- WordPress site displaying 404 for any page apart from index
- How to avoid wordpress permalink rules to inherit in a sub-folder
- Cant block wordpress readme files
- WordPress keeps deleting .htaccess file
- Prevent users from browsing through the media galleries
- How to modify the .htaccess to force ssl on login and admin pages
- .htaccess redirects no longer work
- Exclude subfolder from WP-redirect works with html but not php files
- Server crashed trying to restore wordpress multisite, images are not found pls help
- Create subdomain masking for each user in WordPress
- Redirect from different port to subdomain – htaccess
- WordPress Redirect 301 register page
- Password protect a specific category page/post
- Preventing BFA in WordPress without using a plugin
- Only expose routes with prefix /wp-json on WordPress using Apache
- Hardening wordpress: blocking /includes with htaccess
- Install a Network under a mapped domain
- htaccess – RewriteRule without redirect not working
- Restrict uploaded files into a custom folder to logged in users by htaccess: looking for Nginx – not only Apache – solution
- Modify the .htaccess file
- blocking access to all post/tag URIs via htaccess
- sitemap contains weird links and does not contain my pages [closed]
- want to rewrite an URL in wordpress
- Giving to wordpress it’s own directory cause login loop
- how to redirect 301 my old search query string to wordpress search query string?
- How to block access to files without modifying .htaccess or ngnix config? [closed]
- Allow REST API over HTTP, the rest of the site forced to HTTPS
- Force to use STRONG users password and implement rule to prevent REUSE [closed]
- Conflict with Force SSL and Rewrite Rules
- create virtual subdomains for a bunch of urls on a site via .htaccess
- WordPress site blacklisted by Google about .htaccess [closed]
- How to rewrite 404 to home page using htaccess?
- How can I force a specific password?
- “Oops.” error on an html file directly uploaded to a subdirectory of my WordPress site
- How do I reset a rewrite?
- VServer/Rootserver/Shared Hosting: Multiple WordPress installations each having their unique domain?
- WP Codex answer incomplete? Put WP in subdirectory. .htaccess change required
- WordPress is removing trailing slash
- Sub domain URL slash / missing after domain and before Post & page slug
- Problem with WordPress permalinks
- Htaccess file reset automatically how to fix this issue
- Clone WordPress for testing on localhost (with Fiddler)
- Is it okay to use an ACF field to store a password for a protected area of a page?
- Redirect wordpress site to www from non www on wordpress server
- Update htaccess in several WP sites at once
- Pretty Url not working on the server
- How to use slug with subdomain?
- Reversing domain ‘sharding’ with htaccess
- Change wp-login.php? Problem with .htaccess password protection and multi user shop
- WordPress Intercepting Requests To A File In Public HTML
- Htaccess remove dates from root site but not from subdomain
- .htaccess home configuration
- Installing wordpress on subdirectory 2 levels down
- Cannot Override WordPress 404 for a Sub-Directory
- adding a rewrite rule in wordpress functions file
- Multisite permalinks for subfolder wordpress installation
- Missing visual editor after placing a redirect rule into the .htaccess file
- Redirect not working
- Permanently Redirect WordPress Subfolder Blog to Subdomain on Another Server
- WordPress site not redirecting properly
- Could a user account with a stolen password compromised entire WP site?
- .htaccess for Subdomain and Subfolder w/SSL
- Why my wp site always redirecting to the old website path..?
- Hiding wp-config.php via .htaccess on an install installed in another directory?
- WordPress redirection
- Home page returns 404
- Browser Caching .htaccess
- Are there any negative impact if access to directories were accidently denied?
- Interaction of .htaccess, WP_HOME, and WP_SITEURL
- malware affecting backend of wordpress website-could be .htaccess file