外掛標籤
開發者團隊
原文外掛簡介
URL Blocker is a lightweight, developer-friendly plugin that lets site administrators block any relative URL on their WordPress site and control exactly what happens when a visitor tries to access it.
How it works
Add the relative paths you want to block (one per line) and choose what should happen when someone visits them:
Custom URL redirect — send visitors to any destination URL with a 302 redirect.
404 Not Found — serve your theme’s native 404 page with a proper HTTP 404 status header (no redirect, the URL stays the same).
Key features
Block any number of relative paths (e.g. /secret-page/, /members-only/).
Choose the redirect action per-site: custom URL or 404 page.
Exclude Admins — logged-in administrators are bypassed by default so they always have access. The option can be unchecked to restrict admins too.
One-click access via the Settings link on the Plugins list page.
All plugin data is removed from the database automatically when the plugin is deactivated.
Paths matched with and without trailing slash — /secret-page and /secret-page/ both work.
URL-encoded paths are decoded before matching, preventing bypass attempts like /%73ecret-page/.
Security
CSRF protection on every save using WordPress nonces.
Strict capability check (manage_options) before processing any form data.
All input is sanitised (sanitize_textarea_field, esc_url_raw, sanitize_key).
All output is escaped (esc_textarea, esc_attr, esc_html_e).
Uses wp_safe_redirect to prevent open-redirect abuse.