I am using a MU Plugin to restrict non admins from the wp-admin area. I got this code from a WPMU DEV staff nearly an year ago. Here is the code:
if ( strpos( $requested_uri, ‘/wp-admin’:wink: !== false && !is_user_logged_in() ) {
do_action(‘debugger_var_dump’, ‘REDIRECT’, ‘REDIRECT’, 0, 0);
// The redirect codebase
status_header( 404 );
nocache_headers();
include( get_query_template( ‘404’ ) );
die();
}
The problem is, this code is not allowing non-admin users to access admin-ajax.php . As a result, my Wordfence scan is failing.
In chat, I was given the following code:
add_action( ‘admin_init’, ‘redirect_non_admin_users’ );
function redirect_non_admin_users() {
if ( ! current_user_can( ‘manage_options’ ) && ‘/wp-admin/admin-ajax.php’ != $_SERVER ) {
wp_redirect( home_url() );
exit;
}
}
But this doesn’t help either.
So can you please write me a code which will restrict the non-admins to access wp-admin, but will allow plugins to access admin ajax?