
How to Restrict Illegal Access to WordPress Admin Pages


How to block bots and anyone directly accessing wp-admin pages:

With WordPress being the most used CMS on the internet, some people abuse its easy, developer-friendly structure. Although there are numerous free and paid WordPress plugins that offer different solutions for WordPress security, here I am going to share a simple way of restricting illegal access to your WordPress admin pages. To bring the problem and the solution into focus: with improper security measures, WordPress is more prone to hacking and spam posts. This post is a solution for restricting bots (automated scripts that constantly post or modify articles/content on any WordPress site with improper security).

There are tools/bots that directly access WordPress admin pages to automatically insert posts with content links pointing to their website or products. To block these bots, I am going to share a code snippet with some explanatory notes. Without wasting any more of your time, here is the full code for restricting illegal access to wp-admin/post-new.php and wp-admin/edit.php. You can restrict access to as many pages as you like; just change the URI to suit your needs.

 

Note: This code works with the default directory structure of WordPress. If you have changed the directory structure, adjust this code to reflect your site's directory structure.

add_action('admin_head', 'restrict_access'); // action hook for loading code in wp-admin pages.

function restrict_access() {

    // $_SERVER['REQUEST_URI'] holds the requested path plus any query string,
    // e.g. "/wp-admin/edit.php?post_type=page". Keep only the path so that a
    // query string cannot slip past the comparisons below.
    $Path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);

    $basepath = 'http://www.mysite.com/wp-admin'; // replace www.mysite.com with your own site

    $URI = 'http://www.mysite.com' . $Path;

    /* If you want to restrict any other admin page, just replace "post-new.php" or "edit.php" with your desired page.
       !current_user_can('administrator') is true when the user does not have the administrator role.
    */

    if (($URI == ($basepath . '/post-new.php')) && !current_user_can('administrator')) {

        // Anyone other than an administrator who requests this page is shown
        // the message below and redirected to the home page after 5 seconds.
        echo '<meta http-equiv="Refresh" content="5; URL=' . site_url() . '">
<div class="wrap"><br />
<div id="message" class="error">The requested page does not exist.
<ul>
<li><a href="' . site_url() . '">Home</a></li>
<li><a href="' . site_url() . '/dashboard">Your dashboard</a></li>
</ul>
</div>
</div>';

        exit();

    } elseif (($URI == ($basepath . '/edit.php')) && !current_user_can('administrator')) {

        // Anyone other than an administrator who requests this page is shown
        // the message below and redirected to the home page after 10 seconds.
        echo '<meta http-equiv="Refresh" content="10; URL=' . site_url() . '">
<div class="wrap"><br />
<div id="message" class="error">The requested page does not exist.
<ul>
<li><a href="' . site_url() . '">Home</a></li>
<li><a href="' . site_url() . '/dashboard">Your dashboard</a></li>
</ul>
</div>
</div>';

        exit();

    }

}

The above code is very simple and self-explanatory; all you have to do is paste this code into your theme's functions.php file or into your plugin.

Do ask in the comments about any difficulties with implementing this code. Enjoy coding with WordPress.

 

If you know a better way of restricting illegal access to WordPress admin pages, do share it with us.
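
A variant of the restriction described in this post that does not depend on the site URL or directory structure, as an added example that is not the original author's code: it matches on the $pagenow global that WordPress sets for the current admin script, runs on the admin_init hook before any screen output, and answers with HTTP 403 through wp_die(). The example_ function names are hypothetical, and using the manage_options capability to stand for "administrator" is an assumption.

```php
<?php
// Added example, not the original author's code.
// Assumption: "administrator" is approximated by the manage_options capability,
// which only administrators hold in a default WordPress role setup.

// Admin screens to hide from non-administrators, listed by script name.
// Query strings (edit.php?post_type=page) and subdirectory installs do not
// matter here, because only the script name is compared.
function example_restricted_admin_pages() {
    return array( 'post-new.php', 'edit.php' );
}

// Runs on admin_init, before any admin screen markup is sent, so a real
// HTTP status code can still be returned instead of a meta refresh.
function example_restrict_admin_pages() {
    global $pagenow; // set by WordPress, e.g. "edit.php" for /wp-admin/edit.php

    // Leave every admin script that is not on the list untouched.
    if ( ! in_array( $pagenow, example_restricted_admin_pages(), true ) ) {
        return;
    }

    // Users with the administrator-level capability may continue.
    if ( current_user_can( 'manage_options' ) ) {
        return;
    }

    // Everyone else gets a 403 page with a link back to where they came from.
    wp_die(
        esc_html__( 'You are not allowed to access this page.' ),
        esc_html__( 'Access denied' ),
        array(
            'response'  => 403,
            'back_link' => true,
        )
    );
}
add_action( 'admin_init', 'example_restrict_admin_pages' );
```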

 
