‘Gallery Carousel Without JetPack’-plugin and htaccess-protected wp-admin.

I maintain several WordPress-installations and I received the request to protect the wp-admin-subfolder with a second level of password protection using .htpasswd and .htaccess. Which makes a second user/password-query appear on the browser when trying to access the admin-folder. It works fine, no problem with that.

However, I’m also using the ‘Gallery Carousel Without JetPack‘-plugin to enable simple and nice full-screen galleries. It turned out, that this plugin is requiring admin-ajax.php to request comments (via JQuery/Ajax) which are displayed for each image. As this file is located in the wp-admin-folder all anonymous users (so all site-visitors) were prompted for username and password when opening any gallery.

I don’t know whether there is another/better way for plugins to fetch comments with Ajax, but to fix this problem on my site, I excluded the admin-ajax.php from .htaccess-protection by adding

<Files "admin-ajax.php">
    Allow from all
    Satisfy any
</Files>

on the top of my wp-admin/.htaccess– file. Brett Batie has made a nice short post about .htaccess-exclusions – though he forget to add the closing </Files> to his single-file-example.

This is my complete .htacces-file now:

<Files "admin-ajax.php">
    Allow from all
    Satisfy any
</Files>

AuthType Basic
AuthName "Secure area"
AuthUserFile /<absolute-path-to-wordpress-on-the-server>/wp-admin/.htpasswd
AuthGroupFile /dev/null
require valid-user

Blogger: no revisions when drafting a post – lost an article

EDIT 2014-12-15: In the meantime I moved to WordPress on a dedicated site with all articles. I keep this one as a warning.

I was just about to finish an article (not this one) when I lost everything I wrote. Here is what I did:

I’m using Chrome to post and edit blog-articles.

  1. I switch to HTML-view to add an image – because the “insert image”-button didn’t work.
  2. I forgot to close the quotation mark for the value of the src-attribute.
  3. I saw that only when switching back to the Compose-view.
  4. I switched back to HTML-view and saw that now all HTML-tags where escaped and the characters were transformed to entities.
  5. I clicked undo until I reached a version which was OK. I clicked again undo by error. The textarea become blank.
  6. I clicked redo, still blank.
  7. I closed the TAB before autosave happens
  8. It had happened.
Result: text is lost. Luckily I started the text in an offline editor – so I still have an early draft.
Conclusion: WebApps, Cloud and things like this are still a risky way of doing things as long as the interface is a generic application like the browser. Even in 2014. Even with Chrome. Happy new year.