Disable front end to use as CMS only?

The question:

I’m using the WordPress database and back end to administer the news for my band’s website and everything is working great however I’d like to disable the front end of WordPress itself.

I have the WordPress installation installed in /wordpress/ and obviously the admin section is under /wordpress/wp-admin/.

What would be the best way to restrict someone from accessing the rather *un*setup WordPress site itself without affecting the admin section?

If anything, I could simply redirect to the website’s proper home page (domain.com/).

The Solutions:

Below are the methods you can try. The first solution is probably the best. Try others if the first one doesn’t work. Senior developers aren’t just copying/pasting – they read the methods carefully & apply them wisely to each case.

Method 1

To make sure only the front end redirects to domain.com, make a theme that uses the PHP header() function.

  • Create a folder called redirect or
    something.

  • Add two files to the
    folder: style.css and index.php
    (necessary for a valid WP theme)

  • In style.css, add something like
    this:

    /*  
       Theme Name: Redirect  
       Description: Redirects the front end to domain.com  
    */
    
  • In index.php add this:

    <?php
         header( "Location: http://domain.com" );
    ?>  
    
  • Upload the folder to the themes directory and then activate it in the admin UI.

Method 2

Use a theme with “empty data”. Put two files in directory, then activate “theme”.

style.css

/*
Theme Name: turn off frontend
Theme URI: 
Description: 
Author: 
Version: 
License: GNU 
License URI: 
Tags:
*/

and index.php

<?php
exit;

Method 3

Although this is a rather old question with an already accepted answer, someone might find this useful, specially since none of these solutions worked for me.

function redirect_to_backend() {
    if( !is_admin() ) {
        wp_redirect( site_url('wp-admin') );
        exit();
    }
}
add_action( 'init', 'redirect_to_backend' );

The code itself is pretty explanatory:

  • run the check on the ‘init’ hook
  • check if the page we are loading is front end (not wp-admin)
  • redirect to back end (wp-admin)

Just put the code in any plugin or the theme’s function.php and it should work out of the box.

EDIT:

If this is not working for you (I had minor issues even with this code), you can create a new theme (or a child theme) and put only this content inside the header.php file:

<?php
header("Location: ".get_admin_url());
exit();

Method 4

Put this in your .htaccess and list the paths you want to keep available:

RewriteCond %{REQUEST_URI} !^/wp-admin
RewriteCond %{REQUEST_URI} !^/wp-includes
RewriteCond %{REQUEST_URI} !^/wp-login
RewriteCond %{REQUEST_URI} !^/wp-content/uploads
RewriteCond %{REQUEST_URI} !^/wp-content/plugins
RewriteCond %{REQUEST_URI} !^/wp-content/cache
RewriteRule (.*) http://yournewdomain.com/ [R=301,L]

Method 5

IMO, a plugin would require less work and is more appropriate for the specific case.

<?php
/*
Plugin Name: Disalbe Frontend
Description:  Disable the frontend interface of the website, leave only CMS and REST API
Version: 1.0
*/

add_action('init', 'redirect_to_backend');

function redirect_to_backend() {
    if(
        !is_admin() &&
        !is_wplogin() &&
        !is_rest()
    ) {
    wp_redirect(site_url('wp-admin'));
    exit();
  }
}


if (!function_exists('is_rest')) {
    /**
     * Checks if the current request is a WP REST API request.
     * 
     * Case #1: After WP_REST_Request initialisation
     * Case #2: Support "plain" permalink settings
     * Case #3: URL Path begins with wp-json/ (your REST prefix)
     *          Also supports WP installations in subfolders
     * 
     * @returns boolean
     * @author matzeeable
     */
    function is_rest() {
        $prefix = rest_get_url_prefix( );
        if (defined('REST_REQUEST') && REST_REQUEST // (#1)
            || isset($_GET['rest_route']) // (#2)
                && strpos( trim( $_GET['rest_route'], '\/' ), $prefix , 0 ) === 0)
            return true;

        // (#3)
        $rest_url = wp_parse_url( site_url( $prefix ) );
        $current_url = wp_parse_url( add_query_arg( array( ) ) );
        return strpos( $current_url['path'], $rest_url['path'], 0 ) === 0;
    }
}

function is_wplogin(){
    $ABSPATH_MY = str_replace(array('\','/'), DIRECTORY_SEPARATOR, ABSPATH);
    return ((in_array($ABSPATH_MY.'wp-login.php', get_included_files()) || in_array($ABSPATH_MY.'wp-register.php', get_included_files()) ) || (isset($_GLOBALS['pagenow']) && $GLOBALS['pagenow'] === 'wp-login.php') || $_SERVER['PHP_SELF']== '/wp-login.php');
}

Method 6

add this to the .htaccess in your root directory

redirect 301 /wordpress http://www.domain.com

EDIT: This is really just a quick fix, there might be better solutions. Another way would be to add a function to your functions.php file, that is then called in wp_head() to redirect that way. Using that method you could also allow yourself to view it with a simple IP check.

Method 7

If you want to keep your REST api working use this in your index.php:

<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define( 'WP_USE_THEMES', false );

/** Loads the WordPress Environment and Template */
require __DIR__ . '/wp-blog-header.php';

Method 8

I’m building a Gatsby site with GraphQL, using WordPress as a headless CMS. I really didn’t like the idea of someone landing by chance on the WordPress backend and figuring out how to hack their way in, so I followed @Marcin instructions (see above), i.e. I created

  • a new theme folder (I called it turn-off-frontend as per @Marcin) and inside it I placed a
  • style.css (using @Marcin default code) and an
  • index.php

Inside index.php I followed @dev_masta suggestions, but modified them slightly:

  1. I didn’t put the code inside header.php – I didn’t create this file – but put it in index.php.
  2. I didn’t want the redirect to go to the WordPress /wp-login.php. Rather I wanted it to go to my Gatsby site:

Obviously, this is the Gatsby dev environment and will have to be changed to the correct URL when the site goes live.

    //index.php
    <?php
    /* Redirect browser */
    header("Location: http://localhost:8000");
    exit;

I uploaded the turn-off-frontend theme to wp-content/themes and activated it and it worked. When I went to my WordPress url I was bounced directly to my Gatsby site. However, when I went back inside WordPress admin > Appearance to edit the menu, the ‘Menus’ link had disappeared!

To fix this, I created a functions.php file inside the turn-off-frontend theme and added the following code (from the WordPress Codex):

   //functions.php
   <?php
   function register_my_menu() {
      register_nav_menu('header-menu',__( 'Header Menu' ));
    }
    add_action( 'init', 'register_my_menu' );

And the menu was available for adding pages and posts once more.

Hope someone finds this useful.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Comment