Unfortunately a Password Protected post uses the wp-login.php
file to process the password authentication for a post. So your Apache snippet of blocking all but those specific IPs is going to apply to anything that is password protected as well.
You can get nerdy and read code. In here you can see that Post Password form’s action is set to run that data through wp-login.php?action=postpass
So that is the bad news, BUT:
I wonder if trying to open that up so that your other files in WP can access those files? (I am just purely guessing at this point)
# Block access to wp-login.php.
<Files wp-login.php>
order deny,allow
allow from 192...(ip)
allow from 192...(ip)
allow from localhost
allow from 127.0.0.1
deny from all
I hope that helps or gives you some insight!
Related Posts:
- Improve wordpress security by hiding non public resources
- Does this .htaccess security setting really work?
- File and directory permissions
- Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
- WordPress URL/Folder ReWrite using Htaccess
- Which WordPress scripts need to be executable for a fresh installation?
- Blocking access to wp-login via htaccess not working
- Attach to wp-login.php and xmlrpc.php
- XMLRPC filtering through htaccess not working
- Restricting user login by IP address
- .htaccess password protect all but one page
- WordPress: Adding Security
- How do I test to ensure that my wp-config file is protected?
- WordPress not seeing .htaccess rules
- Rules in .htaccess only if the requested URL is /wp-admin
- Disable directory browsing of uploads folder
- Strange behaviour of is_user_logged_in() and get_current_user_id()
- Selectively Disabling PHP via .htaccess in Root Directory
- Should I prevent access to .htaccess and wp-config.php files?
- Basic Auth .htaccess on wp-login, but allow logout from woocommerce
- Using htaccess to prevent spam through wp-comments-post.php
- How can I create a private site that is inaccessible from the outside?
- Restrict Content for only Contributors via .htaccess
- Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
- My WP site and password was hacked, what to do? [closed]
- How to redirect all HTTP requests to HTTPS
- Which one does WordPress prioritize when it comes to php.ini, wp-config and .htaccess?
- Why are passwords exportable as plain text in WordPress?
- Enforcing password complexity
- htaccess problem after saving Settings
- How is password strength calculated?
- htaccess https redirect from www to non-www
- Name-based virtual host configuration in Apache seems to cause a “500 Internal Server Error”
- Setting WP Admin passwords to expire
- Isolating WordPress to a subfolder
- How disable SSL redirect for specific URL?
- How to change “wp-admin” to something else without search-replacing the core?
- What is the role of .htaccess file in WordPress?
- Remove File Extension for Page Outside of WordPress
- How can I code my plugin to safely modify .htaccess?
- HTAccess stops me from accessing WordPress Dashboard links
- different child theme for subdomain
- How do I edit the htaccess file to optimize my website?
- Should I add the IP of the server that hosts my sites to the list of authorized IPs in the wp-admin/.htaccess?
- Block only external access to wp-cron.php on OpenLiteSpeed
- .htaccess rewrite rule puzzle
- Site searches by Python for non-existent assets
- WordPress On subfolder
- How do I properly update the WordPress database password?
- Override htacces rule only for specific directory
- How To Allow Only Specific User Agent To Access a URL?
- browser caching not disabled after disabling in .htaccess
- How to ignore folder in site root while accessing a URL
- How can I enable keep alive (Not accessing to Apache)
- Adding a SSL Certificate
- HTTP sitewide, except for: wp-admin, and 2 custom directories
- WordPress installed in root, need second in subdirectory with different domain
- htaccess has broken my site
- TimThumb & htaccess : clean url
- Only Allow Front End Access
- .htacess rewrite condition: page to seconddomain/page
- .htaccess RewriteCond excluding directories does not work when there is an .htaccess or php.ini in subdirectory
- Reset Password policy
- Separate 404 page for WordPress in subfolder
- Password protect any file in WordPress
- Does WP suppresses .htaccess if permalinks are disabled?
- Need help rebuilding lost htaccess file
- How to rename index.php to home.php
- disable WordPress 404 for one specific page/folder to receive actual php errors
- .htpasswd asking for authentication on home page
- WordPress login fail after .htaccess domain redirect
- Redirect to new domain with .htaccess [closed]
- Access sub-domain when root public_html is protected with .htaccess password
- Redirect https://www.subdomain.domain.com is not redirecting to subdomain.website.com [closed]
- Can’t access htaccess [closed]
- WordPress permalinks confusion
- .htaccess redirect not properly working [ ?utm_source=]
- I need to find which is the file that checks the DB for correct login (username, password)
- How to make WP page accessile only to specific user roles
- hide theme files for admin beneath root
- Why my WordPress Site Asking for HTTP Authentication?
- htaccess redirects invalid request to home page not 404
- Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
- WordPress How to rewrite URL for custom pages
- How can I restrict access, by IP, to the `wp-admin` folder/Dashboard?
- How to properly give WordPress its own directory
- WordPress permalinks is wrong. It wants me to change my htaccess file. But then site crashes
- How to move wordpress website from hosting account to localhost
- Question with .htaccess and wp-login.php prevention
- After changing permalink, getting 404 for one particular category
- WordPress RSS feed to external XML
- Does htaccess password keep search engines out?
- htaccess old php pages to new wordpress ones
- different CNAME to corresponding subfolders
- block seacrh engines for all pages EXCEPT homepage
- htaccess – Server Subdirectory With Different Name Than URL Subdirectory
- Enable webp support Nginx+Apache reverse proxy with moss.sh [closed]
- WordPress redirection
- Home page returns 404
- Browser Caching .htaccess