php 更改 Wordpress 管理 URL
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24090866/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Change Wordpress Admin URL
提问by Drew
I changed my Wordpress directory structure quite a bit. Here's what I have:
我改变了我的 Wordpress 目录结构。这是我所拥有的:
define('WP_SITEURL', 'http://' . $_SERVER['SERVER_NAME'] . '/wordpress');
define('WP_HOME', 'http://' . $_SERVER['SERVER_NAME']);
define('WP_CONTENT_DIR', dirname(__FILE__) . '/content');
define('WP_CONTENT_URL', 'http://' . $_SERVER['SERVER_NAME'] . '/content');
So I have a contentdirectory which contains my Plugins and Themes. And then I have a wordpressdirectory which contains the core WP files, minus the wp-content folder.
所以我有一个包含我的插件和主题的内容目录。然后我有一个wordpress目录,其中包含核心 WP 文件,减去 wp-content 文件夹。
With this new structure, I have to access the WP backend with this URL: http://site.dev/wordpress/wp-admin
使用这个新结构,我必须使用这个 URL 访问 WP 后端: http://site.dev/wordpress/wp-admin
Is there a way I can change it so I can just access it like so: http://site.dev/wp-admin
有没有办法改变它,这样我就可以像这样访问它: http://site.dev/wp-admin
I don't want wordpress to be in the URL. Would this be an htaccess update I need to make, or is there a setting I can use in my wp-config.php file?
我不希望 wordpress 出现在 URL 中。这是我需要进行的 htaccess 更新,还是我可以在 wp-config.php 文件中使用的设置?
回答by jbrahy
Here's an article from wordpress's site.
这是来自 wordpress 网站的一篇文章。
http://wordpress.org/support/topic/how-to-change-the-admin-url-or-wp-admin-to-secure-login
http://wordpress.org/support/topic/how-to-change-the-admin-url-or-wp-admin-to-secure-login
Add constant to wp-config.php
define('WP_ADMIN_DIR', 'secret-folder'); define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . WP_ADMIN_DIR);Add below filter to functions.php
add_filter('site_url', 'wpadmin_filter', 10, 3); function wpadmin_filter( $url, $path, $orig_scheme ) { $old = array( "/(wp-admin)/"); $admin_dir = WP_ADMIN_DIR; $new = array($admin_dir); return preg_replace( $old, $new, $url, 1); }Add below line to .htaccess file
RewriteRule ^secret-folder/(.*) wp-admin/?%{QUERY_STRING} [L]
将常量添加到 wp-config.php
define('WP_ADMIN_DIR', 'secret-folder'); define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . WP_ADMIN_DIR);将以下过滤器添加到functions.php
add_filter('site_url', 'wpadmin_filter', 10, 3); function wpadmin_filter( $url, $path, $orig_scheme ) { $old = array( "/(wp-admin)/"); $admin_dir = WP_ADMIN_DIR; $new = array($admin_dir); return preg_replace( $old, $new, $url, 1); }将以下行添加到 .htaccess 文件
RewriteRule ^secret-folder/(.*) wp-admin/?%{QUERY_STRING} [L]
回答by Abu fateh
I played around with this and there is a much simpler way to do this all in this one simple function below without having to muck around with anything else (create unnecessary folders, redirects, pages, etc.).
我玩了这个,有一种更简单的方法可以在下面的这个简单函数中完成所有这些操作,而无需处理其他任何事情(创建不必要的文件夹、重定向、页面等)。
// Simple Query String Login page protection
function example_simple_query_string_protection_for_login_page() {
$QS = '?mySecretString=foobar';
$theRequest = 'http://' . $_SERVER['SERVER_NAME'] . '/' . 'wp-login.php' . '?'. $_SERVER['QUERY_STRING'];
// these are for testing
// echo $theRequest . '<br>';
// echo site_url('/wp-login.php').$QS.'<br>';
if ( site_url('/wp-login.php').$QS == $theRequest ) {
echo 'Query string matches';
} else {
header( 'Location: http://' . $_SERVER['SERVER_NAME'] . '/' );
}
}
add_action('login_head', 'example_simple_query_string_protection_for_login_page');
回答by OneByte
This is very helpful topic. I made some little correction in the function and this is my version:
这是一个非常有用的话题。我在函数中做了一些小修正,这是我的版本:
add_filter('site_url', 'wpadmin_filter', 10, 3);
function wpadmin_filter( $url, $path, $orig_scheme ) {
$request_url = $_SERVER['REQUEST_URI'];
$check_wp_admin = stristr($request_url, 'wp-admin');
if($check_wp_admin){
wp_redirect( home_url( '404' ), 302 );
exit();
}
$old = array( "/(wp-admin)/");
$admin_dir = WP_ADMIN_DIR;
$new = array($admin_dir);
return preg_replace( $old, $new, $url, 1);
}
Mainly for redirecting of wp-admin.
主要用于重定向wp-admin.
And most important part:
最重要的部分:
add_rewrite_rule( '^' . 'backend/(.*)','wp-admin/?%{QUERY_STRING}' );
To updates .htaccessrule.
更新.htaccess规则。
回答by Nicholas
All I did was moved /wp-adminfolder ( inside of public_html/wordpress) into public_htmland I double checked to make sure it was going to work by renaming my WordPress folder ( I used wordpress_test, you can use anything ) and went to my site
example.com/wp-admin- it worked just the same as if I went to example.com/wordpress/wp-admin.
我所做的只是将/wp-admin文件夹(内部public_html/wordpress)移入public_html,我通过重命名我的 WordPress 文件夹(我使用过wordpress_test,你可以使用任何东西)仔细检查以确保它可以工作,然后转到我的网站
example.com/wp-admin- 它的工作方式就像一样我去了example.com/wordpress/wp-admin。
The only thing which is quite tricky is changing the wp-adminto something else , due to the fact the WP had coded the wp-adminthroughout numerous files. Just simply changing the name causes php and other errors. Simple plugin I find will fix that easily.
唯一相当棘手的是将 更改wp-admin为其他内容,因为 WP 已对wp-admin众多文件进行了编码。只是简单地更改名称会导致 php 和其他错误。我发现的简单插件很容易解决这个问题。
Note: I didn't have to make any coding to do this. I had to change some code around for the wp-admin, because the plugin didn't do what I wanted.
注意:我不需要进行任何编码来做到这一点。我不得不为 更改一些代码wp-admin,因为插件没有做我想要的。
回答by Dealazer
There is one other way that will ensure quite better tactic to your secured wp-admin.
还有另一种方法可以确保为您的安全 wp-admin 提供更好的策略。
As well having own wp-admin name as perhaps: "worksersneeded/"
以及拥有自己的 wp-admin 名称,例如:“workersneeded/”
I did it to one of my sites, ended up in miracle where the probed SSL site was displaying different towards my site from different geo locations.
我对我的一个网站做了它,结果奇迹般地结束了,被探测的 SSL 网站从不同的地理位置向我的网站显示不同。
You will have to download a tool called Notepad ++: https://notepad-plus-plus.org/download/
您必须下载一个名为 Notepad ++ 的工具:https: //notepad-plus-plus.org/download/
Unless you will be doing to much work on each of the files in the directory.
除非您将对目录中的每个文件进行大量工作。
After then you need to extract the WordPress into a folder.
之后,您需要将 WordPress 解压缩到一个文件夹中。
Then edit all files in the directory while searching after wp-admin. Then replace all the files with your the name: "workersneeded" or your own name.
然后在搜索 wp-admin 的同时编辑目录中的所有文件。然后用你的名字替换所有文件:“workersneeded”或你自己的名字。
Like in notepad enter "search in files" to "find what": wp-admin/
就像在记事本中输入“在文件中搜索”以“查找内容”一样:wp-admin/
And in "replace with": workersneeded/
并在“替换为”:workersneeded/
Then replace all files.
然后替换所有文件。
You need to put into wp-config.php this line as well to monitor all problems:
您还需要将此行放入 wp-config.php 以监控所有问题:
ini_set('log_errors',TRUE);
ini_set('error_reporting', E_ALL);
ini_set('error_log', dirname(__FILE__) . '/error_log.txt');
After you overwritten most in the WordPress directory and your wp-admin has now the name "workersneeded" you will most likely encounter slight problems with some of your WordPress plugins or themes.
在您覆盖 WordPress 目录中的大部分内容并且您的 wp-admin 现在名称为“workersneeded”之后,您很可能会遇到一些 WordPress 插件或主题的小问题。
That is why you will need to log them into the error_log.txt file.
这就是为什么您需要将它们记录到 error_log.txt 文件中的原因。
After finding the errors in the file. You will most likely need to edit the .php file which still tries to connect to wp-admin. That way you can replace the file information of wp-admin to your administration folder.
在发现文件中的错误后。您很可能需要编辑仍尝试连接到 wp-admin 的 .php 文件。这样您就可以将 wp-admin 的文件信息替换到您的管理文件夹中。
You can again download your plugins and replace the same procedure as above with notepad++. That way you can make all plugins available with the new folder name.
您可以再次下载您的插件并用记事本++替换与上述相同的过程。这样,您可以使用新文件夹名称使所有插件可用。
Then upload the folder of each plugin into your wp-content directory with wp file manager plugin.
然后使用 wp 文件管理器插件将每个插件的文件夹上传到您的 wp-content 目录中。
Be aware that your WordPress can't be auto-updated or updated doing so, even doing re-installation of your WordPress. You will have to do these replacements each time.
请注意,您的 WordPress 无法自动更新或更新,即使重新安装您的 WordPress。您每次都必须进行这些替换。
This was done with 4.9.8 version of WordPress as well as the newest 5.0.3
这是使用 4.9.8 版本的 WordPress 以及最新的 5.0.3 完成的
With 5.0.3 you get more errors into the error_log.txt file. Unknown why.
使用 5.0.3,您会在 error_log.txt 文件中获得更多错误。不知道为什么。
回答by Maroun Melhem
Finally found a way to do it without a plugin AND WITHOUT MODIFYING WP CORE(all tutorials suggests to do so for some weird reason).
终于找到了一种无需插件且无需修改 WP CORE 的方法(所有教程都建议出于某种奇怪的原因这样做)。
1- Copy wp-login.phpand rename it to new-secret-url.php(on your root directory)
1-将wp-login.php其复制并重命名为new-secret-url.php(在您的根目录上)
2- Open new-secret-url.phpfile and perform a search/replace of wp-login.phpto new-secret-url.php
2- 打开new-secret-url.php文件并执行搜索/替换wp-login.php到new-secret-url.php
3- Add the following code to your functions.php:
3- 将以下代码添加到您的functions.php:
/** Hide default login */
add_action( 'init', 'marounmelhem_hide_login' );
function marounmelhem_hide_login() {
//Only proceed for guests
if ( ! is_user_logged_in() ) {
//Getting current page
$current_url = str_replace( '/', '', $_SERVER['REQUEST_URI'] );
$hiddenWpAdmin = 'new-secret-url'; //Change this to your new secret wp-admin url
$redirectNaTo = '/';
//Checking if accessing correct login url
if ( $current_url == $hiddenWpAdmin ) {
wp_redirect( '/'.$hiddenWpAdmin.'.php' );
exit;
}
//Only allow requests to wp-login.php coming from correct login url
$adminToCheck = [
'wp-admin',
'wp-login.php'
];
if (
in_array( $current_url, $adminToCheck )
&&
$_GET['action'] !== "logout"
) {
wp_redirect( $redirectNaTo );
exit();
}
}
}
4- This only works if you're not using any other frontend login forms, if you do, you can change:
4- 这仅在您不使用任何其他前端登录表单时才有效,如果使用,您可以更改:
is_user_logged_in()to possibly !current_user_can( 'subscriber' )(or the role given in the frontend login logic)
is_user_logged_in()可能!current_user_can( 'subscriber' )(或前端登录逻辑中给出的角色)
5- Not sure if ajax calls works with the above, please let me know if you've tried it
5- 不确定 ajax 调用是否适用于上述方法,如果您尝试过,请告诉我
