Question

So I've installed a plug-in which allows me to enable two-factor authentication for my users. The problem is that to enable the plug-in I have to log in as that user and enable it via their profile page (wp-admin).

This isn't a problem except for the fact that there's nothing stopping the users from logging in and disabling the two-factor authentication, which is an issue.

I've looked around at a few issues and none have seemed to work; essentially I want to restrict backend access to only a select few (myself and a few others).

I've tried stealth login and a few htaccess solutions and none have seemed to work.

Any ideas?


Solution

You could make it a mu-plugin ('Must Use' plugin). Any PHP file you put into /wp-content/mu-plugins/ will automatically get included in WordPress. You can't deactivate the plugin (unless you have FTP access to the server). If you go with a mu-plugin, make sure to put the functionality into a subdirectory and bootstrap it with a PHP file in the mu-plugins directory.

EDIT

After reading the comment, I think I understand the problem better. It sounds like you want to be able to lock people out of the admin altogether. That's not so difficult. Try this:

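function my_awesome_admin_lockout() {
  // is_admin() is also true for admin-ajax.php, which front-end AJAX uses,
  // so let AJAX requests through instead of redirecting them.
  if ( is_admin() && ! wp_doing_ajax() && ! current_user_can( 'manage_options' ) ) {
    // Anyone without the manage_options capability is sent to the front page.
    wp_redirect( home_url() );
    exit;
  }
}

add_action( 'init', 'my_awesome_admin_lockout' );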

Basically, that locks everybody but admins out of the admin area.
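
The subdirectory-plus-bootstrap layout recommended above, as an added example that is not part of the original answer. The file name, the two component paths and the `$security_components` / `$missing_components` variables are hypothetical; substitute the real directory and main file of your two-factor plugin and of the lockout code.

```php
<?php
/**
 * Plugin Name: Security loader (added example)
 * File: wp-content/mu-plugins/security-loader.php
 *
 * WordPress auto-includes only PHP files sitting directly in mu-plugins/;
 * code in subdirectories runs only if a file like this one requires it.
 */
defined( 'ABSPATH' ) || exit;

// Hypothetical entry files, relative to mu-plugins/.
$security_components = array(
	'two-factor-plugin/two-factor-plugin.php',
	'admin-lockout/admin-lockout.php',
);

$missing_components = array();
foreach ( $security_components as $relative_path ) {
	$file = __DIR__ . '/' . $relative_path;
	if ( is_readable( $file ) ) {
		require_once $file;
	} else {
		// A security control that silently fails to load is worse than a
		// loud failure, so log it and surface it to administrators.
		$missing_components[] = $relative_path;
		error_log( 'security-loader: missing mu-plugin component ' . $relative_path );
	}
}

if ( $missing_components ) {
	add_action(
		'admin_notices',
		function () use ( $missing_components ) {
			if ( ! current_user_can( 'manage_options' ) ) {
				return;
			}
			printf(
				'<div class="notice notice-error"><p>%s</p></div>',
				esc_html( 'Security components not loaded: ' . implode( ', ', $missing_components ) )
			);
		}
	);
}
```

Activation hooks do not run for code loaded from mu-plugins, so a plugin that creates tables or options on activation should be activated once as a normal plugin before it is moved.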

OTHER TIPS

How about you revoke MySQL write permissions on the table of the plugin?

Anyone who would want to modify any value will get an error.

If you want to update, you have to change the permissions back, update the records, and deny permissions again.

I haven't tried it. But it may work for you.

  1. Restrict complete access to wp-admin using .htaccess.
  2. Now make an alias PHP file outside of wp-admin or in some other folder.
  3. Include wp-admin.php or the necessary PHP file in the alias PHP file.
  4. Restrict search engines from looking into the folder which contains your alias file using robots.txt.

Licensed under: CC-BY-SA with attribution