Title: Headless Login Guard
Author: Andrew Wilkinson
Published: <strong>18 Tháng 5, 2026</strong>
Last modified: 18 Tháng 5, 2026

---

Tìm kiếm plugin

![](https://ps.w.org/headless-login-guard/assets/banner-772x250.png?rev=3536308)

![](https://ps.w.org/headless-login-guard/assets/icon-256x256.png?rev=3536307)

# Headless Login Guard

 Bởi [Andrew Wilkinson](https://profiles.wordpress.org/andrew40/)

[Tải về](https://downloads.wordpress.org/plugin/headless-login-guard.1.0.1.zip)

 * [Chi tiết](https://vi.wordpress.org/plugins/headless-login-guard/#description)
 * [Đánh giá](https://vi.wordpress.org/plugins/headless-login-guard/#reviews)
 *  [Cài đặt](https://vi.wordpress.org/plugins/headless-login-guard/#installation)
 * [Nhà phát triển](https://vi.wordpress.org/plugins/headless-login-guard/#developers)

 [Hỗ trợ](https://wordpress.org/support/plugin/headless-login-guard/)

## Mô tả

A lightweight plugin that **forces login for backend access** in a headless WordPress
setup. Keeps your WordPress dashboard private while allowing your front end (e.g.
Astro, Next.js) to pull content via GraphQL/REST.

#### What it does

 * Requires authentication for `/wp-admin/` and other backend pages
 * Always allows the login page to avoid redirect loops
 * Leaves key endpoints open for headless use:
    - `/wp-json/` (REST API)
    - `/graphql` (WPGraphQL)
    - `/wp-admin/admin-ajax.php` (AJAX)
    - `/wp-cron.php` (cron)
    - `/robots.txt`
    - `/sitemap*.xml` (sitemaps and indexes)
    - `/wp-content/uploads/*` (media)
    - `/favicon.ico`
    - `/newrelic` (New Relic monitoring)
 * Logged-in users visiting the backend root get redirected to the dashboard
 * Works with Bedrock layouts (handles root path vs `/wp/`)

#### Use case

 * WordPress is the content backend
 * Public site is built with Astro/Next.js/etc
 * Editors log in to WordPress. Visitors never see the backend
 * Front end builds and live pages can still query GraphQL/REST without authentication

#### Customization

Developers can customize allowed endpoints using the `force_login_allowed_patterns`
filter:

    ```
    add_filter('force_login_allowed_patterns', function($patterns) {
        $patterns[] = '#^/healthz$#';           // custom health check
        $patterns[] = '#^/status$#';            // uptime checks
        $patterns[] = '#^/wp-json/acf/v3/.*#';  // specific REST namespace
        return $patterns;
    });
    ```

## Cài đặt

 1. Upload the plugin files to the `/wp-content/plugins/force-login` directory, or 
    install the plugin through the WordPress plugins screen directly.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. The plugin will automatically start protecting your backend – no configuration 
    needed!

## Hỏi đáp

### I’m locked out! How do I access my site?

Visit `/wp-login.php` directly to sign in. The plugin always allows access to the
login page.

### My front-end requests are failing. What should I do?

Verify the endpoint is on the allow list. Check the plugin description for the default
allowed patterns, or use the `force_login_allowed_patterns` filter to add custom
endpoints.

### Does this work with Bedrock?

Yes! The plugin correctly handles both standard WordPress installs and Bedrock layouts
where the site URL and home URL may differ.

### Can I add custom endpoints?

Yes, use the `force_login_allowed_patterns` filter to add your own regex patterns
for additional endpoints that should remain public.

## Đánh giá

Không có đánh giá nào cho plugin này.

## Người đóng góp & Lập trình viên

“Headless Login Guard” là mã nguồn mở. Những người sau đã đóng góp vào plugin này.

Những người đóng góp

 *   [ Andrew Wilkinson ](https://profiles.wordpress.org/andrew40/)

[Dịch “Headless Login Guard” sang ngôn ngữ của bạn.](https://translate.wordpress.org/projects/wp-plugins/headless-login-guard)

### Muốn tham gia phát triển?

[Duyệt code](https://plugins.trac.wordpress.org/browser/headless-login-guard/), 
check out [SVN repository](https://plugins.svn.wordpress.org/headless-login-guard/),
hoặc theo dõi [nhật ký phát triển](https://plugins.trac.wordpress.org/log/headless-login-guard/)
qua [RSS](https://plugins.trac.wordpress.org/log/headless-login-guard/?limit=100&mode=stop_on_copy&format=rss).

## Nhật ký thay đổi

#### 1.0.1

 * Added: New Relic monitoring endpoint allowlist pattern (`/newrelic`) to support
   APM monitoring
 * Added: WordPress.org plugin directory compatibility
 * Added: Proper plugin structure with activation/deactivation hooks
 * Added: Filter hook for customizing allowed patterns
 * Improved: Code organization and documentation

#### 1.0.0

 * Initial release
 * Restricts backend (`/wp-admin/`) to authenticated users
 * Allows GraphQL and REST API endpoints for headless front-ends
 * Basic whitelist of essential endpoints (cron, ajax, robots.txt, sitemaps, uploads)

## Meta

 *  Phiên bản **1.0.1**
 *  Cập nhật lần cuối **2 tháng trước**
 *  Số lượt cài đặt **Ít hơn 10**
 *  Phiên bản WordPress ** 6.0 hoặc cao hơn **
 *  Đã kiểm tra lên đến **6.9.4**
 *  Phiên bản PHP ** 8.1 hoặc cao hơn **
 *  Ngôn ngữ
 * [English (US)](https://wordpress.org/plugins/headless-login-guard/)
 * Thẻ
 * [GraphQL](https://vi.wordpress.org/plugins/tags/graphql/)[headless](https://vi.wordpress.org/plugins/tags/headless/)
   [login](https://vi.wordpress.org/plugins/tags/login/)[rest-api](https://vi.wordpress.org/plugins/tags/rest-api/)
   [security](https://vi.wordpress.org/plugins/tags/security/)
 *  [Nâng cao](https://vi.wordpress.org/plugins/headless-login-guard/advanced/)

## Đánh giá

Chưa có đánh giá nào được gửi.

[Your review](https://wordpress.org/support/plugin/headless-login-guard/reviews/#new-post)

[Xem tất cả đánh giá](https://wordpress.org/support/plugin/headless-login-guard/reviews/)

## Những người đóng góp

 *   [ Andrew Wilkinson ](https://profiles.wordpress.org/andrew40/)

## Hỗ trợ

Có điều gì muốn nói? cần giúp đỡ?

 [Xem diễn đàn hỗ trợ](https://wordpress.org/support/plugin/headless-login-guard/)