Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#16780 closed defect (bug) (invalid)

admin-bar shouldn't be served via /wp-admin

Reported by: robertaccettura Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.1
Component: Administration Keywords:
Focuses: Cc:


Ideally the admin-bar shouldn't serve anything out of /wp-admin since some users .htaccess protect by IP or password. The chart however is. This is fine normally but since cookies don't abide by the same expiration policies as other security mechanisms you can end up with a password prompt on every page, or just a 403.

Ideally a php file in /wp-includes for the chart would be better.

Seeing this behavior in 3.1.

Change History (3)

#1 @duck_
7 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

By "the chart" I think you must be using the WordPress stats plugin which adds a small bar graph to the admin bar. This is indeed loaded from wp-admin but is nothing to do with WordPress core as it is not part of a default install.

#2 @robertaccettura
7 years ago

Didn't realize, thanks.

#3 @duck_
7 years ago

Just a quick follow up. You should direct this information to http://wordpress.org/tags/stats?forum_id=10 (the WordPress stats plugin forum) and also be aware that there is an option to disable the admin bar chart (Plugins > WordPress.com Stats), however, it doesn't appear to be functioning correctly currently.

Note: See TracTickets for help on using tickets.