[wp-hackers] wp-admin folder and admin-ajax.php

Gavin Pearce Gavin.Pearce at 3seven9.com
Mon Aug 9 16:57:32 UTC 2010

Hi Nicolas,

Indeed you can - just seems a tad "un-logical" to have to provide
exception in htaccess for a file in the wp-admin folder. Ajax calls for
front-end should be handled as such.

Wondering if there was a reason to do this? The ticket referenced
earlier was marked resolved without a resolution to the original


-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Nicolas
Sent: 09 August 2010 17:34
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] wp-admin folder and admin-ajax.php

On Mon, Aug 09, 2010 at 02:27:49PM +0100, Gavin Pearce wrote:
> Working on hardening a WordPress install for a security conscious
> client, I can't IP restrict the wp-admin folder, because
> is sometimes required by the front-end. Seems a strange idea to me!
> (Obviously ways around this, just seems a strange way of doing things
> maybe someone can explain why?).

The IP restriction can probably whitelist files, as it is possible with
password protection. See my post:


Hope that helps,


Nicolas Kuttler
wp at nkuttler.de

http://www.nicolaskuttler.de (deutsch)
wp-hackers mailing list
wp-hackers at lists.automattic.com

More information about the wp-hackers mailing list