Custom WordPress coding help

I am using a MU Plugin to restrict non admins from the wp-admin area. I got this code from a WPMU DEV staff nearly an year ago. Here is the code:

if ( strpos( $requested_uri, ‘/wp-admin’:wink: !== false && !is_user_logged_in() ) {

do_action(‘debugger_var_dump’, ‘REDIRECT’, ‘REDIRECT’, 0, 0);

// The redirect codebase

status_header( 404 );


include( get_query_template( ‘404’ ) );



The problem is, this code is not allowing non-admin users to access admin-ajax.php . As a result, my Wordfence scan is failing.

In chat, I was given the following code:

add_action( ‘admin_init’, ‘redirect_non_admin_users’ );

function redirect_non_admin_users() {

if ( ! current_user_can( ‘manage_options’ ) && ‘/wp-admin/admin-ajax.php’ != $_SERVER ) {

wp_redirect( home_url() );




But this doesn’t help either.

So can you please write me a code which will restrict the non-admins to access wp-admin, but will allow plugins to access admin ajax?