Make WordPress Core

Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#16780 closed defect (bug) (invalid)

admin-bar shouldn't be served via /wp-admin

Reported by: robertaccettura's profile robertaccettura Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.1
Component: Administration Keywords:
Focuses: Cc:


Ideally the admin-bar shouldn't serve anything out of /wp-admin since some users .htaccess protect by IP or password. The chart however is. This is fine normally but since cookies don't abide by the same expiration policies as other security mechanisms you can end up with a password prompt on every page, or just a 403.

Ideally a php file in /wp-includes for the chart would be better.

Seeing this behavior in 3.1.

Change History (3)

#1 @duck_
13 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

By "the chart" I think you must be using the WordPress stats plugin which adds a small bar graph to the admin bar. This is indeed loaded from wp-admin but is nothing to do with WordPress core as it is not part of a default install.

#2 @robertaccettura
13 years ago

Didn't realize, thanks.

#3 @duck_
13 years ago

Just a quick follow up. You should direct this information to (the WordPress stats plugin forum) and also be aware that there is an option to disable the admin bar chart (Plugins > Stats), however, it doesn't appear to be functioning correctly currently.

Note: See TracTickets for help on using tickets.