I'm really a beginner with WordPress and don't know much about PHP.
I've installed my WordPress site on a Banana Pi (running Raspbian) und all works very well, except for the contact form. I have configured Apache Basic Authentication to protect my whole directory "/wp-admin" and that works well and as expected. (I only used the apache2.conf file and a password file, no .htaccess file(s) involved)
Unfortunately I realize now, that every time someone tries to send a message via contact form, the Apache Basic Auth triggers too. But this is of course not wanted.
How can I suppress Apache authentication when contact form message is sent?
I've tried some hints about excluding files or URL but all without success.
Found the solution by myself:
The apache access.log shows this line each time one tries to send a message via my wordpress contact form:
188.xxx.xxx.xxx - - [16/Nov/2014:12:10:58 +0100] "GET /wp-admin/admin-ajax.php?action=pp_contact_mailer&your_name=Kurt&email=kurti%40home.ch&message=Kurti&captcha-code=inif+sqcu HTTP/1.1" 401 671 "http://example.domain.ch/contact/" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"
That proves that even a visitor want to send a message, one PHP file is accessed within the wp-admin directory. I excluded this file with this entry in the apache2.conf file:
<Files "admin-ajax.php">
Satisfy Any
Allow from all
</Files>