Admin Tools Password Protect WP Administrator issues

Help! I am locked out of my site's administration (wp-admin) area!

This feature works by placing two file, .htaccess and .htpasswd inside your site's wp-admin directory. If you forget the username/password you used for this feature and you are locked out of your site, please follow this procedure:

  1. Using your favourite FTP application, e.g. FileZilla or CyberDuck, log into your site and go into your site's root

  2. Go inside the wp-admin directory


    DO NOT SKIP THIS STEP or you will be removing the wrong file, causing a big problem on your site (especially if you're using permalinks which do not include index.php in them).

  3. Remove both the .htaccess and .htpasswd files. If you do not see those files, create two empty text files in your computer, rename them to .htaccess and .htpasswd and upload them.

I enabled this feature and now the front-end of my site asks me for a username and password?!

This is not a bug in Admin Tools, but a problem with one of the plugins you are using.

More specifically, WordPress plugins are supposed to be contained in full inside their wp-content/plugins subdirectory. However, one of your plugins has put its files in wp-admin OR it's directly calling core WordPress files from the wp-admin directory. This is wrong and insecure. Only the administration pages should try to access files inside wp-admin.

There are two workarounds:

  1. Disable the administrator password protection. This degrades your site's security but is the easiest and most immediate change. We do not recommend this.

  2. Consult the developer of the offending extension and explain to him that loading files from wp-admin in the public section of the site is insecure and he has to resolve this issue.