Help! I am locked out of my site's administration (wp-admin) area!
This feature works by placing two file,
.htaccess and .htpasswd
inside your site's wp-admin directory. If you
forget the username/password you used for this feature and you are
locked out of your site, please follow this procedure:
-
Using your favourite FTP application, e.g. FileZilla or CyberDuck, log into your site and go into your site's root
-
Go inside the
wp-admindirectory![[Warning]](/media/com_docimport/admonition/warning.png)
Warning DO NOT SKIP THIS STEP or you will be removing the wrong file, causing a big problem on your site (especially if you're using permalinks which do not include index.php in them).
-
Remove both the
.htaccessand.htpasswdfiles. If you do not see those files, create two empty text files in your computer, rename them to.htaccessand.htpasswdand upload them.
I enabled this feature and now the front-end of my site asks me for a username and password?!
This is not a bug in Admin Tools, but a problem with one of the plugins you are using.
More specifically, WordPress plugins are supposed to be contained in full inside their wp-content/plugins subdirectory. However, one of your plugins has put its files in wp-admin OR it's directly calling core WordPress files from the wp-admin directory. This is wrong and insecure. Only the administration pages should try to access files inside wp-admin.
There are two workarounds:
-
Disable the administrator password protection. This degrades your site's security but is the easiest and most immediate change. We do not recommend this.
-
Consult the developer of the offending extension and explain to him that loading files from wp-admin in the public section of the site is insecure and he has to resolve this issue.