Secure wp-admin module from other users

I think it is a good idea to restrict access to the wp-admin folder in the .htaccess file by using the following lines:

#file location: /wp-admin/.htaccess
order deny,allow
deny from all
allow from 1.1.1.1

Where 1.1.1.1 is my IP address.
But the problem is when some WordPress plugins use AJAX, for example the WooCommerce gross plugin.

One idea is to create a copy of the admin-ajax.php file as admin-ajax-new.php, and create a rule for $_GET['action'], for example:

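// Only the AJAX actions listed here may be called through this file.
$allowed = array('wpmenucart_ajax');
// A request without an action parameter is rejected instead of raising a notice.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if( !in_array($action, $allowed, true) )
  die('0');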

And allow access to only this file, admin-ajax-new.php, for all IP addresses.

Or somehow allow access in .htaccess to the admin-ajax.php file only when the referer is my exam.ple.com domain.

What will be the best security solution in this case?
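
The IP restriction from the question can be kept while leaving admin-ajax.php reachable, using a per-file exception in the same .htaccess. This is an added example, not part of the original post; it reuses the post's placeholder address 1.1.1.1 and its Apache 2.2 access syntax.

```apache
# file location: /wp-admin/.htaccess
# Uses the post's Order/Deny/Allow syntax (on Apache 2.4 this needs mod_access_compat).

# Default for everything under /wp-admin/: only the admin address gets in.
# 1.1.1.1 is the placeholder address from the post.
Order deny,allow
Deny from all
Allow from 1.1.1.1

# Exception: front-end plugins call admin-ajax.php from visitors' browsers,
# so this one file has to be reachable from any address.
<Files "admin-ajax.php">
    Order allow,deny
    Allow from all
</Files>

# Apache 2.4 native form of the same policy (use instead of the lines above,
# do not mix the two syntaxes in one file):
#   Require ip 1.1.1.1
#   <Files "admin-ajax.php">
#       Require all granted
#   </Files>

# No Referer condition is used: the Referer header is supplied by the client,
# so it cannot serve as an access control.
```

With this exception in place, admin-ajax.php still dispatches only actions that plugins have registered, and only wp_ajax_nopriv_* handlers run for visitors who are not logged in.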
