
Plugin description
A lightweight plugin that forces login for backend access in a headless WordPress setup. Keeps your WordPress dashboard private while allowing your front end (e.g. Astro, Next.js) to pull content via GraphQL/REST.
What it does
- Requires authentication for /wp-admin/ and other backend pages
- Always allows the login page to avoid redirect loops
- Leaves key endpoints open for headless use:
    - /wp-json/ (REST API)
    - /graphql (WPGraphQL)
    - /wp-admin/admin-ajax.php (AJAX)
    - /wp-cron.php (cron)
    - /robots.txt
    - /sitemap*.xml (sitemaps and indexes)
    - /wp-content/uploads/* (media)
    - /favicon.ico
    - /newrelic (New Relic monitoring)
- Logged-in users visiting the backend root get redirected to the dashboard
- Works with Bedrock layouts (handles root path vs /wp/)
Use case
- WordPress is the content backend
- Public site is built with Astro/Next.js/etc
- Editors log in to WordPress. Visitors never see the backend
- Front end builds and live pages can still query GraphQL/REST without authentication
Customization
Developers can customize allowed endpoints using the force_login_allowed_patterns filter:
add_filter('force_login_allowed_patterns', function($patterns) {
    $patterns[] = '#^/healthz$#'; // custom health check
    $patterns[] = '#^/status$#'; // uptime checks
    $patterns[] = '#^/wp-json/acf/v3/.*#'; // specific REST namespace
    return $patterns;
});
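Every pattern added through this filter widens what is reachable without login, so it is worth checking that a new pattern does not also match backend paths. The following is an added example, not the plugin's own code: it assumes each pattern is a PCRE regex tested with preg_match() against the request path, and audit_allowed_patterns(), the two loose patterns and the protected paths are hypothetical names and constructed sample values.

```php
<?php
// Added example, not the plugin's code. Assumption: each pattern is a PCRE
// regex that the plugin tests with preg_match() against the request path.

/**
 * Return [path => [patterns that would let it through]] for every path in
 * $protected that some allowlist pattern matches. An invalid regex is
 * reported under the key "(invalid pattern)" instead of being skipped.
 */
function audit_allowed_patterns(array $patterns, array $protected): array
{
    $findings = [];
    foreach ($patterns as $pattern) {
        // preg_match() returns false on a broken pattern; surface that.
        if (@preg_match($pattern, '') === false) {
            $findings['(invalid pattern)'][] = $pattern;
            continue;
        }
        foreach ($protected as $path) {
            if (preg_match($pattern, $path) === 1) {
                $findings[$path][] = $pattern;
            }
        }
    }
    return $findings;
}

// Patterns from the page's filter example, plus two constructed loose ones.
$patterns = [
    '#^/healthz$#',
    '#^/status$#',
    '#^/wp-json/acf/v3/.*#',
    '#/status#',        // constructed: no anchors, matches anywhere in the path
    '#^/healthz#',      // constructed: no end anchor, matches any longer path
];

// Constructed paths that should still require login.
$protected = [
    '/wp-admin/',
    '/wp-admin/options-general.php',
    '/wp-admin/status',
    '/healthz-internal/debug',
    '/wp-json-backup/acf/v3/x',
];

foreach (audit_allowed_patterns($patterns, $protected) as $path => $hits) {
    echo $path, ' is opened by: ', implode(', ', $hits), PHP_EOL;
}
```

The three patterns from the filter example match none of the protected paths; only the two unanchored ones do, which is why custom patterns should carry both ^ and $ unless a prefix match is intended.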
