Hello,

I am looking to protect my stats directory a bit further.  There certainly is a good password built in, and all, but I'd prefer that bots not even get that far.

Are there any files other than /stat/track.php that ever need to be accessed by the web server (not Php, but specifically apache in my case) ?  It doesn't appear that there are any to me, but wanted to check.

My PHP5 is pretty standard in that it ignores .htaccess rules for all of the local includes, etc.

If I can get the PHP-only mode working, I will ditch even allowing apache to access track.php

For now, I am using the following .htaccess in case it assists anyone :

(edited : it was causing issues, and failures to track; I suspect syntax error on my part)

I just prefer that all admin functions, in WordPress or anywhere else, especially those that use a password go over an SSL connection, so my links are always set that way; any non-SSL attempt to view those redirects them to the site root, as that's not me  

If they're persistent and come back over https, then they will get the standard apache username/pw login popup prompt box.

Please note this only protects some of the files in the main stat directory; you should insure the subdirectories under stat are also protected, if you desire.

Thanks!