[wp-trac] [WordPress Trac] #28798: htaccess and protected option

WordPress Trac noreply at wordpress.org
Wed Jan 14 20:01:05 UTC 2015

#28798: htaccess and protected option
 Reporter:  YU.Design    |       Owner:
     Type:  enhancement  |      Status:  reopened
 Priority:  normal       |   Milestone:
Component:  General      |     Version:  4.0
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:
Changes (by LukeWordPress):

 * status:  closed => reopened
 * resolution:  worksforme =>


 SetEnvIf does work with Query_String. So I tried using RewriteCond
 %{QUERY_STRING} action=postpass [NC] within .htaccess but unfortunately
 the mod_auth module gets executed before mod_rewrite. I am back to square

 It would be great if post passwords are through a separate file. This
 gives users the option of locking down the wp-login.php file against a
 brute force attack. I understand that this is not foolproof but some
 security is better than none.

Ticket URL: <https://core.trac.wordpress.org/ticket/28798#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list