Independent Development
WordPress users can access the admin site
Error
If the site users were registered by the default WordPress progress, users can access the admin site by add /wp-admin/ to the end of domain.
Although they will have no permission to do anything dangerous, the page may be confusing. And also, such action mostly is not the purpose of the site owner.
Solution
There are ways to avoid that. In PHP, there is a way to redirect anyone but administrator back to the public page.
If the WordPress sites were held by Nginx, the redirect rules can be defined by Nginx configuration file.
But the most easy way is to use a plugin: Remove Dashboard Access.
If the WordPress is used for multiple sites, the configuration of each site should be set independently.
Main Site(Under building)
Related Platforms
(Github Issues) / (Notion) / (Blog)
Advertisement
(A website to optimize your resume and to boost your career: Nonpareil.me)
独立开发
WordPress用户可以访问后台
问题
如果网站注册用户使用了Wordpress的默认注册流程,虽然方便,不过也会带来一些副作用。比如用户可能通过在域名后添加/wp-admin/这种方法访问后台。
尽管因为有权限限制,实际上也做不了什么,不过这仍然很危险,并且估计也不是开发者希望的。
解决方案
有很多种方法解决这个问题。
在Wordpress的插件或者主题里,可以通过PHP代码定义重定向规则。
如果使用Nginx代理Wordpress站点,Nginx的配置文件也可以定义重定向规则。
不过最方便的,是使用插件Remove Dashboard Access。
如果是多站点,那么所有子站点最好都要单独设定一下。
主站(建设中)
相关平台
(Github Issues) / (Notion) / (Blog)