How to Restrict Illegal Access to WordPress Admin Pages

restricting wp-admin

How to block bots and anyone directly accessing wp-admin pages:

With WordPress being the most widely used CMS on the internet, some people set out to abuse its easy, developer-friendly structure. Although there are numerous free and paid plugins offering different approaches to WordPress security, here I am going to share a simple way of restricting illegal access to your WordPress admin pages. To put the problem and the solution in focus: with improper security measures, WordPress is more prone to hacking and spam posts. This post is a solution for restricting bots (automated scripts that constantly post or modify articles/content on any WordPress site with improper security).

Going directly to the solution, the following is the full code for restricting access to wp-admin/post-new.php and wp-admin/edit.php.


Note: This code works with the default directory structure of WordPress; if you have changed the directory structure, adjust this code to reflect your site's directory structure.

add_action('admin_head', 'restrict_access'); // action hook: runs while the <head> of every wp-admin page is being output.

function restrict_access() {

    // Path of the current request, e.g. "/wp-admin/post-new.php" (any query string is included).
    $Path = $_SERVER['REQUEST_URI'];

    // Drop the query string so "post-new.php?post_type=page" is matched as well as "post-new.php".
    $Path = strtok($Path, '?');

    // Adjust the host name to your own site (see the note above).
    $basepath = 'http://www.mysite.com/wp-admin';

    $URI = 'http://www.mysite.com' . $Path;

    /* If you want to restrict any other admin page, just replace "post-new.php" or "edit.php" with your desired page.
       !current_user_can('administrator') is true when the current user does not have the administrator role. */

    if ($URI == ($basepath . '/post-new.php') && !current_user_can('administrator')) {

        // Anyone attempting to access this page except an administrator is shown the message below
        // and sent to the site home after 5 seconds.
        echo '<meta http-equiv="Refresh" content="5; URL=' . site_url() . '">
        <div class="wrap"><br />
        <div id="message" class="error">The requested page does not exist.
        <ul>
        <li><a href="' . site_url() . '">Home</a></li>
        <li><a href="' . admin_url() . '">Your dashboard</a></li>
        </ul>
        </div>
        </div>';

        exit();

    } elseif ($URI == ($basepath . '/edit.php') && !current_user_can('administrator')) {

        // Same treatment for the post list; here the redirect happens after 10 seconds.
        echo '<meta http-equiv="Refresh" content="10; URL=' . site_url() . '">
        <div class="wrap"><br />
        <div id="message" class="error">The requested page does not exist.
        <ul>
        <li><a href="' . site_url() . '">Home</a></li>
        <li><a href="' . admin_url() . '">Your dashboard</a></li>
        </ul>
        </div>
        </div>';

        exit();

    }

}

The above code is very simple and self-explanatory; all you have to do is paste it into your theme's functions.php file or into your plugin.
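The snippet above works, but it has two weak spots a practitioner would want closed: it compares the request against one hard-coded host name, so a request that reaches the site under another host name is not matched, and it runs on admin_head, after WordPress has already started sending the page. The following is an added example (not the post's own code) that applies the same idea in a more robust form: it hooks admin_init, which fires before any output, matches on WordPress's own $pagenow global instead of the URL, checks a capability ('manage_options') rather than the 'administrator' role name, logs the blocked request, and answers with a real HTTP 403 via wp_die(). The list of restricted pages, the function name and the log line format are this example's own choices.

```php
<?php
/*
 * Added example, not the original post's code. Drop it into a theme's
 * functions.php or a plugin, exactly like the snippet above.
 */

add_action('admin_init', 'example_restrict_admin_pages');

function example_restrict_admin_pages() {
    // $pagenow holds the admin script being run, e.g. "post-new.php" or "edit.php".
    global $pagenow;

    // Admin pages and the capability a user needs to open them (assumed list for this example).
    $restricted = array(
        'post-new.php' => 'manage_options',
        'edit.php'     => 'manage_options',
    );

    // admin_init also fires for AJAX and cron requests; leave those untouched.
    if (wp_doing_ajax() || (defined('DOING_CRON') && DOING_CRON)) {
        return;
    }

    // Not a restricted page, or the user holds the required capability: nothing to do.
    if (!isset($restricted[$pagenow]) || current_user_can($restricted[$pagenow])) {
        return;
    }

    // Record the blocked attempt so it is visible in the PHP error log (format is this example's own).
    error_log(sprintf(
        'restrict_admin: blocked %s for user id %d from %s',
        $pagenow,
        get_current_user_id(),
        isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ));

    // Stop before any page content is sent and return a proper 403 instead of a fake "not found" message.
    wp_die(
        sprintf(
            'You do not have permission to open %s. <a href="%s">Return to the dashboard</a>.',
            esc_html($pagenow),
            esc_url(admin_url())
        ),
        'Forbidden',
        array('response' => 403)
    );
}
```

Checking a capability instead of a role name matters because roles can be renamed or customised by other plugins, while a capability expresses exactly what the page is allowed to do; pick the capability that matches the page (for example 'edit_posts' if editors should still reach edit.php). The error_log() line is what lets you notice repeated attempts from one address in the web server's logs, which is the detection half of the problem the post describes.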

Do ask in the comments about any difficulties with implementing this code, and enjoy coding with WordPress.
