Hacker News new | ask | show | jobs
by SHIT_TALKER 3865 days ago
Doesn't that break admin-ajax.php access? It sits behind /wp-admin/. WordPress recommends allowing access when using IP whitelists.

Apache:

  # Allow access to wp-admin/admin-ajax.php
  <Files admin-ajax.php>
      Order allow,deny
      Allow from all
      Satisfy any
  </Files>
Nginx:

  location /wp-admin/admin-ajax.php {
    allow all;
  }
1 comments
jakejake 3864 days ago
Ah, interesting. I guess their theme didn't use any ajax features. But, to be safe I updated my gist to exclude that file.
link