当非管理员尝试访问wp-admin或wp-login.php时,如何将用户重定向到404页面未找到错误 [英] How to redirect user to 404 page not found error when non admin try to access wp-admin or wp-login.php
问题描述
出于安全原因,我试图通过重写链接来限制对非管理员用户的wordpress网站管理员和登录面板访问权限,例如,如果用户键入 http://www.mysite.com/wp-login.php 或 http://www.mysite.com/wp-admin ,他被重定向到错误404页面,但是如果他键入 http://www.mysite.com/blah-login 或 http://www.mysite.com/blah-admin 重定向到我的WP管理员或登录面板。我有以下几种选择。
For security reasons I am trying to restrict my wordpress site admin and login panel access to non-admin users by rewriting the link, such that if user types in http://www.mysite.com/wp-login.php or http://www.mysite.com/wp-admin he is redirected to Error 404 page but if he types http://www.mysite.com/blah-login or http://www.mysite.com/blah-admin is redirected to my WP admin or login panel. I have following options to do that.
- 重写.htaccess文件,我不擅长此文件,也不想弄乱我网站的文件。 htaccess文件。
-
使用$ wp_rewrite类,我通过编写一个小插件来完成该类,其代码如下。
- Rewrite .htaccess file which I am not good at and don't wanna mess up my site's .htaccess file.
Use $wp_rewrite class which I did by writing a small plugin, its code is given below.
register_activation_hook( __FILE__, 'activate' );
function activate() {
rewrite();
flush_rewrite_rules();
}
register_deactivation_hook( __FILE__, 'deactivate' );
function deactivate() {
flush_rewrite_rules();
}
add_action( 'init', 'rewrite' );
function rewrite() {
add_rewrite_rule( 'blah-admin/?$', 'wp-admin', 'top' );
add_rewrite_rule( 'blah-login/?$', 'wp-login.php', 'top' );
add_rewrite_rule( 'blah-register/?$', 'wp-register.php', 'top' );
}
它的工作原理非常完美,只是它不限制对wp-admin的访问, wp-login.php或wp-registe.php(必须是哪个)。
It works perfectly only problem is it does not restrict access to wp-admin, wp-login.php or wp-registe.php (Which is must).
我可以将以下规则写入新的.htaccess文件。
I can write following rule to a new .htaccess file.
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Wordpress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
</LIMIT>
并将其放在wp-admin文件夹下,它有2个缺点,一个缺点是它只会限制访问我的wp-admin文件夹不是wp-register.php或wp-login.php,第二个是我是DHCP客户端,因此 allow from xxx.xxx.xxx.xxx
and place it under wp-admin folder, it has 2 drawbacks one is it will only restrict access to my wp-admin folder not wp-register.php or wp-login.php and second is I am a DHCP client so allow from xxx.xxx.xxx.xxx
will not work for me.
我可以使用第二个和第三个规则的组合,但是它绝对不起作用,因为我无法为整个被阻止的文件夹提供替代的永久链接。
I could use a combination 2nd and third rule but it will definitely not work because I cannot provide an alternative permalink to a overall blocked folder.
作为最后的手段,我可以使用wp-modal插件的永久链接重写功能,它的工作原理很吸引人,但是该插件与我的主题不兼容。 / p>
As for a last resort I could use wp-modal plugin's permalink rewriting capability, it works like a charm but this plugin is not compatible with my theme.
那么我的问题真的有解决方案吗?
So is there really a solution to my problem?
推荐答案
我使用此代码段将人们重定向到后端(如果尚未登录)。您可以对其进行修改以指向您的404:
I use this snippet to redirect people away from the backend if they're not already logged in. You could modify it to point to your 404:
// BLOCK BACKEND ACCESS FOR NON-ADMINS
add_action( 'init', 'blockusers_init' );
function blockusers_init() {
// If accessing the admin panel and not an admin
if ( is_admin() && !current_user_can('level_10') ) {
// Redirect to the homepage
wp_redirect( home_url() );
exit;
}
}
只需更改 home_url()
函数到 wp_redirect
下的404页面。
Just change the URL from the home_url()
function to your 404 page under wp_redirect
.
这篇关于当非管理员尝试访问wp-admin或wp-login.php时,如何将用户重定向到404页面未找到错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!