Bug of the code: preventing a subscriber from accessing the WordPress backend

  • @ar_m

    Participant

    Hello
    My question is:
    In the address

    Layout and functionality – Examples you can use

    In the issue
    25. Restricting User Access to the WordPress backend

    Add this PHP code snippet so that only users who can only edit posts can access the WordPress admin section.
    Which was introduced to prevent the logged-in user from accessing the counter of the following code

    /**
     * Redirect back to homepage and not allow access to
     * WP backend for Subscribers.
     */
    function rkk_redirect_admin() {
        // Subscribers do not have the edit_posts capability.
        if ( ! current_user_can( 'edit_posts' ) ) {
            wp_redirect( site_url() );
            exit;
        }
    }
    // Run the check whenever an admin page is initialised.
    add_action( 'admin_init', 'rkk_redirect_admin' );

    The code works fine, but the bug is that:

    Although it appears to prevent a common user from accessing the WordPress dashboard, the same user can easily bypass the code ban and log in to the dashboard by opening a new tab in the browser and entering the address

    https://wordpress.org/wp-admin/

    in that tab and pressing Enter. This is the bug in the above code.

    The question is:
    How can I change the above code to prevent the trick of logging into the dashboard as described above?

    Thank you in advance for your advice.
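
A hardened variant of the hook in the post above, as an added example that is not part of the original thread or of the article it quotes. The `example_*` function names are hypothetical, and the code assumes it is loaded on the site being tested (active theme's `functions.php` or a plugin), since `admin_init` then runs on the server for every request under that site's `/wp-admin/`, however the URL is reached.

```php
<?php
/**
 * Added example: keep accounts without the edit_posts capability out of
 * /wp-admin/. All example_* names are hypothetical.
 */

// True when the current visitor lacks the capability the post's snippet tests.
function example_is_restricted_user() {
    return ! current_user_can( 'edit_posts' );
}

// Server-side gate for dashboard screens.
function example_block_admin() {
    // admin_init also fires for admin-ajax.php; redirecting there would
    // break front-end AJAX for subscribers and logged-out visitors.
    if ( wp_doing_ajax() ) {
        return;
    }
    if ( example_is_restricted_user() ) {
        // wp_safe_redirect() only allows redirects to permitted hosts.
        wp_safe_redirect( home_url( '/' ) );
        exit;
    }
}
add_action( 'admin_init', 'example_block_admin' );

// Send restricted accounts to the front page straight after login,
// so they are never pointed at /wp-admin/ in the first place.
function example_login_redirect( $redirect_to, $requested_redirect_to, $user ) {
    // $user is a WP_Error when the login attempt failed.
    if ( $user instanceof WP_User && ! $user->has_cap( 'edit_posts' ) ) {
        return home_url( '/' );
    }
    return $redirect_to;
}
add_filter( 'login_redirect', 'example_login_redirect', 10, 3 );

// Hide the front-end toolbar, which otherwise links into the dashboard.
function example_hide_toolbar( $show ) {
    return example_is_restricted_user() ? false : $show;
}
add_filter( 'show_admin_bar', 'example_hide_toolbar' );
```

The redirect only keeps the dashboard screens out of reach; what an account can actually change is still decided by its role's capabilities, so those should be reviewed separately.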
