[wp-hackers] wp-admin folder and admin-ajax.php

Nicolas Kuttler wp-hackers at nicolaskuttler.de
Mon Aug 9 16:34:04 UTC 2010

On Mon, Aug 09, 2010 at 02:27:49PM +0100, Gavin Pearce wrote:
> Working on hardening a WordPress install for a security-conscious
> client, I can't IP restrict the wp-admin folder, because admin-ajax.php
> is sometimes required by the front-end. Seems a strange idea to me!
> (Obviously ways around this, just seems a strange way of doing things -
> maybe someone can explain why?).

The IP restriction can probably whitelist files, as is possible with the
password protection. See my post:


Hope that helps,


Nicolas Kuttler
wp at nkuttler.de

http://www.nicolaskuttler.de (deutsch)
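
An added example, not part of the original message: one way to express the per-file whitelist discussed above, as a `.htaccess` in `wp-admin/`. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled for that directory; the address 203.0.113.10 is a documentation-range placeholder.

```apache
# wp-admin/.htaccess (assumed location; needs mod_authz_core and mod_authz_host)

# Default for everything under wp-admin/: only the administrator's address.
# 203.0.113.10 is a constructed placeholder, replace it with the real admin IP.
Require ip 203.0.113.10

# Exception for the one file the front-end calls. <Files> sections are merged
# after the directory-level rules, and with the default "AuthMerging Off" this
# Require replaces the IP rule above for admin-ajax.php only.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

With this in place admin-ajax.php stays reachable from any address, so the AJAX handlers that plugins and themes register are not covered by the IP restriction and still rely on their own authentication and nonce checks.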
