Blocking wp-login in HTACCESS has also blocked password protected pages

Unfortunately a Password Protected post uses the wp-login.php file to process the password authentication for a post. So your Apache snippet of blocking all but those specific IPs is going to apply to anything that is password protected as well.

You can get nerdy and read code. In here you can see that Post Password form’s action is set to run that data through wp-login.php?action=postpass

So that is the bad news, BUT:

I wonder if trying to open that up so that your other files in WP can access those files? (I am just purely guessing at this point)

# Block access to wp-login.php.
<Files wp-login.php>
order deny,allow
allow from 192...(ip)
allow from 192...(ip)
allow from localhost
allow from 127.0.0.1
deny from all

I hope that helps or gives you some insight!

Related Posts:

  1. Improve wordpress security by hiding non public resources
  2. Does this .htaccess security setting really work?
  3. File and directory permissions
  4. Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
  5. WordPress URL/Folder ReWrite using Htaccess
  6. Which WordPress scripts need to be executable for a fresh installation?
  7. Blocking access to wp-login via htaccess not working
  8. Attach to wp-login.php and xmlrpc.php
  9. XMLRPC filtering through htaccess not working
  10. Restricting user login by IP address
  11. .htaccess password protect all but one page
  12. WordPress: Adding Security
  13. How do I test to ensure that my wp-config file is protected?
  14. WordPress not seeing .htaccess rules
  15. Rules in .htaccess only if the requested URL is /wp-admin
  16. Disable directory browsing of uploads folder
  17. Strange behaviour of is_user_logged_in() and get_current_user_id()
  18. Selectively Disabling PHP via .htaccess in Root Directory
  19. Should I prevent access to .htaccess and wp-config.php files?
  20. Basic Auth .htaccess on wp-login, but allow logout from woocommerce
  21. Using htaccess to prevent spam through wp-comments-post.php
  22. How can I create a private site that is inaccessible from the outside?
  23. Restrict Content for only Contributors via .htaccess
  24. Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
  25. My WP site and password was hacked, what to do? [closed]
  26. How to redirect all HTTP requests to HTTPS
  27. Which one does WordPress prioritize when it comes to php.ini, wp-config and .htaccess?
  28. Why are passwords exportable as plain text in WordPress?
  29. Enforcing password complexity
  30. htaccess problem after saving Settings
  31. How is password strength calculated?
  32. htaccess https redirect from www to non-www
  33. Name-based virtual host configuration in Apache seems to cause a “500 Internal Server Error”
  34. Setting WP Admin passwords to expire
  35. Isolating WordPress to a subfolder
  36. How disable SSL redirect for specific URL?
  37. How to change “wp-admin” to something else without search-replacing the core?
  38. What is the role of .htaccess file in WordPress?
  39. Remove File Extension for Page Outside of WordPress
  40. How can I code my plugin to safely modify .htaccess?
  41. HTAccess stops me from accessing WordPress Dashboard links
  42. different child theme for subdomain
  43. How do I edit the htaccess file to optimize my website?
  44. Should I add the IP of the server that hosts my sites to the list of authorized IPs in the wp-admin/.htaccess?
  45. Block only external access to wp-cron.php on OpenLiteSpeed
  46. .htaccess rewrite rule puzzle
  47. Site searches by Python for non-existent assets
  48. WordPress On subfolder
  49. How do I properly update the WordPress database password?
  50. Override htacces rule only for specific directory
  51. How To Allow Only Specific User Agent To Access a URL?
  52. browser caching not disabled after disabling in .htaccess
  53. How to ignore folder in site root while accessing a URL
  54. How can I enable keep alive (Not accessing to Apache)
  55. Adding a SSL Certificate
  56. HTTP sitewide, except for: wp-admin, and 2 custom directories
  57. WordPress installed in root, need second in subdirectory with different domain
  58. htaccess has broken my site
  59. TimThumb & htaccess : clean url
  60. Only Allow Front End Access
  61. .htacess rewrite condition: page to seconddomain/page
  62. .htaccess RewriteCond excluding directories does not work when there is an .htaccess or php.ini in subdirectory
  63. Reset Password policy
  64. Separate 404 page for WordPress in subfolder
  65. Password protect any file in WordPress
  66. Does WP suppresses .htaccess if permalinks are disabled?
  67. Need help rebuilding lost htaccess file
  68. How to rename index.php to home.php
  69. disable WordPress 404 for one specific page/folder to receive actual php errors
  70. .htpasswd asking for authentication on home page
  71. WordPress login fail after .htaccess domain redirect
  72. Redirect to new domain with .htaccess [closed]
  73. Access sub-domain when root public_html is protected with .htaccess password
  74. Redirect https://www.subdomain.domain.com is not redirecting to subdomain.website.com [closed]
  75. Can’t access htaccess [closed]
  76. WordPress permalinks confusion
  77. .htaccess redirect not properly working [ ?utm_source=]
  78. I need to find which is the file that checks the DB for correct login (username, password)
  79. How to make WP page accessile only to specific user roles
  80. hide theme files for admin beneath root
  81. Why my WordPress Site Asking for HTTP Authentication?
  82. htaccess redirects invalid request to home page not 404
  83. Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
  84. WordPress How to rewrite URL for custom pages
  85. How can I restrict access, by IP, to the `wp-admin` folder/Dashboard?
  86. How to properly give WordPress its own directory
  87. WordPress permalinks is wrong. It wants me to change my htaccess file. But then site crashes
  88. How to move wordpress website from hosting account to localhost
  89. Question with .htaccess and wp-login.php prevention
  90. After changing permalink, getting 404 for one particular category
  91. WordPress RSS feed to external XML
  92. Does htaccess password keep search engines out?
  93. htaccess old php pages to new wordpress ones
  94. different CNAME to corresponding subfolders
  95. block seacrh engines for all pages EXCEPT homepage
  96. htaccess – Server Subdirectory With Different Name Than URL Subdirectory
  97. Enable webp support Nginx+Apache reverse proxy with moss.sh [closed]
  98. WordPress redirection
  99. Home page returns 404
  100. Browser Caching .htaccess