Why you should not protect with password / wp-admin /

Surely you've read many guides explaining how to protect your WordPress desktop against intruders protecting it with a password, right? If you go further, right here: a two three . But you should not do it, because there is a problem.

What's the problem?

It's a big problem, because that way you'll prevent requests to admin-ajax.php and admin-post.php .

In case you have not seen it, or do not remember, in the WordPress Codex there is a page of how to implement AJAX where it is explained that admin-ajax.php is inside / wp-admin / .

So what's up? Well, if you use password protection for the directory / wp-admin / you will be blocking access to those files, which implies that will block all AJAX requests, something that is currently unthinkable, and that can leave your site practically unusable.

What is the solution?

Fortunately, like everything in WordPress, there is an easy solution for protect your desktop, while allowing the AJAX requests like this: