I have a Woocommerce site set up. When a customer account signs out it goes through a URL something like example.com/wp-login.php?action=logout which requires the HTTP Auth in order to log out. The customer login is not a problem because the site uses a custom login page.
I disabled HTTP auth for the site but I was wonder if it's possible to keep the HTTP auth protection for the wp-admin area and only remove it for wp-login.php? That way if someone hacked into an admin account by brute force, they still wouldn't be able to access the admin area without the HTTP auth.
Does that make sense? What do people normally do with Woocommerce sites where users need to be able log in or log out of non-admin accounts?