I have a question about the process.php file in the Build a Blog tutorials. In the comments tutorial it says to keep it in a protected directory so that nobody can access it and mess something up, so I protected it with an .htaccess file. But now whenever I try to post a comment, I have to log into the directory my process.php is in.

Is it safe to keep process.php in a non-secure directory? I know you can't access it directly, but is that adequate? If it's not secure enough, can anybody recommend a different way to protect my admin panel?

You don't need to put process.php in a protected folder. If you do that, people won't be able to comment. I'm not sure why the tutorial says to do that. It's secure enough in a normal directory - WordPress has its comment processing file in a normal directory (not the admin one) so it should be ok.

Thank you very much!