0

In my dev environment, for security reasons, my wp-admin folder is protected by basic authentication with htpasswd.

When i'm logged in the admin area (after passing Basic Authentication and Wordpress Login), wordpress tries to load several scripts by ajax with its load-scripts.php service but the script returns a 403 http error (forbidden) because of the Basic Authentication wall.

I've done some researches with no luck about how to solve this issue. Does anyone have any ideas or previous experience with this?

Stefano Ortisi
  • 5,288
  • 3
  • 33
  • 41
  • Make try using `define('SITE_URL','your site url')` and `define('HOME_URL','your site url')` in wp-config.php file it may be solve your issue. – kuldip Makadiya Feb 27 '16 at 10:07
  • If you look at [jQuery's documentation on $.ajax()](http://api.jquery.com/jquery.ajax/), you should see it accepts a `username` and a `password` parameter, which should solve this on custom code, but might not be the solution for Wordpress code. – blex Feb 27 '16 at 10:08
  • @blex I don't think having credentials in a js file is a good idea in terms of security. Thanks anyway for your answer – Stefano Ortisi Feb 27 '16 at 10:19

2 Answers2

0

Ok I just fixed my problem. So good to know for anyone will get the same issue.

The solution is to disable the "CONCATENATE_SCRIPT" feature, enabled by default, by adding the following line to your wp-config.php

define('CONCATENATE_SCRIPTS', false);

Now the scripts don't get load by ajax but printed straight to the html page and everything works fine. I think, although the page loading will be a bit slower than before as it will wait for all the scripts to be loaded, it's a good compromise if we want to add a bit more security to our admin area.

Stefano Ortisi
  • 5,288
  • 3
  • 33
  • 41
-1

Where is the script inclusion located? A the head or on the bottom? The problem may come from the location .

If you can insert some code where you have tried.

Sdmg15
  • 19
  • 7