Title: Headless Login Guard
Author: Andrew Wilkinson
Published: <strong>মে’ 18, 2026</strong>
Last modified: মে’ 18, 2026

---

প্লাগিনৰ সন্ধান কৰক

![](https://ps.w.org/headless-login-guard/assets/banner-772x250.png?rev=3536308)

![](https://ps.w.org/headless-login-guard/assets/icon-256x256.png?rev=3536307)

# Headless Login Guard

 [Andrew Wilkinson](https://profiles.wordpress.org/andrew40/)-ৰ দ্বাৰা

[ডাউনল’ড কৰক](https://downloads.wordpress.org/plugin/headless-login-guard.1.0.1.zip)

 * [বিশদ বিৱৰণ](https://as.wordpress.org/plugins/headless-login-guard/#description)
 * [পৰ্য্যালোচনা](https://as.wordpress.org/plugins/headless-login-guard/#reviews)
 *  [ইনষ্টলেশ্যন](https://as.wordpress.org/plugins/headless-login-guard/#installation)
 * [বিকাশ](https://as.wordpress.org/plugins/headless-login-guard/#developers)

 [সাহায্য](https://wordpress.org/support/plugin/headless-login-guard/)

## বৰ্ণনা

A lightweight plugin that **forces login for backend access** in a headless WordPress
setup. Keeps your WordPress dashboard private while allowing your front end (e.g.
Astro, Next.js) to pull content via GraphQL/REST.

#### What it does

 * Requires authentication for `/wp-admin/` and other backend pages
 * Always allows the login page to avoid redirect loops
 * Leaves key endpoints open for headless use:
    - `/wp-json/` (REST API)
    - `/graphql` (WPGraphQL)
    - `/wp-admin/admin-ajax.php` (AJAX)
    - `/wp-cron.php` (cron)
    - `/robots.txt`
    - `/sitemap*.xml` (sitemaps and indexes)
    - `/wp-content/uploads/*` (media)
    - `/favicon.ico`
    - `/newrelic` (New Relic monitoring)
 * Logged-in users visiting the backend root get redirected to the dashboard
 * Works with Bedrock layouts (handles root path vs `/wp/`)

#### Use case

 * WordPress is the content backend
 * Public site is built with Astro/Next.js/etc
 * Editors log in to WordPress. Visitors never see the backend
 * Front end builds and live pages can still query GraphQL/REST without authentication

#### Customization

Developers can customize allowed endpoints using the `force_login_allowed_patterns`
filter:

    ```
    add_filter('force_login_allowed_patterns', function($patterns) {
        $patterns[] = '#^/healthz$#';           // custom health check
        $patterns[] = '#^/status$#';            // uptime checks
        $patterns[] = '#^/wp-json/acf/v3/.*#';  // specific REST namespace
        return $patterns;
    });
    ```

## ইনষ্টলেশ্যন

 1. Upload the plugin files to the `/wp-content/plugins/force-login` directory, or 
    install the plugin through the WordPress plugins screen directly.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. The plugin will automatically start protecting your backend – no configuration 
    needed!

## সঘনাই উত্থাপিত প্ৰশ্ন

### I’m locked out! How do I access my site?

Visit `/wp-login.php` directly to sign in. The plugin always allows access to the
login page.

### My front-end requests are failing. What should I do?

Verify the endpoint is on the allow list. Check the plugin description for the default
allowed patterns, or use the `force_login_allowed_patterns` filter to add custom
endpoints.

### Does this work with Bedrock?

Yes! The plugin correctly handles both standard WordPress installs and Bedrock layouts
where the site URL and home URL may differ.

### Can I add custom endpoints?

Yes, use the `force_login_allowed_patterns` filter to add your own regex patterns
for additional endpoints that should remain public.

## পৰ্য্যালোচনা

এই প্লাগিনৰ বাবে কোনো পৰ্য্যালোচনা নাই।

## অৱদানকাৰী আৰু বিকাশকাৰীসকল

“Headless Login Guard” হৈছে মুক্ত উৎসৰ ছফ্টৱেৰ। এইসকল লোকে এই প্লাগিনত অৱদান আগবঢ়াইছে।

অৱদানকাৰীসকল

 *   [ Andrew Wilkinson ](https://profiles.wordpress.org/andrew40/)

[আপোনাৰ ভাষাত “Headless Login Guard” অনুবাদ কৰক।](https://translate.wordpress.org/projects/wp-plugins/headless-login-guard)

### বিকাশৰ প্ৰতি আগ্ৰহী?

[ক’ড ব্ৰাউজ কৰক](https://plugins.trac.wordpress.org/browser/headless-login-guard/),
[SVN ৰিপজিটৰী](https://plugins.svn.wordpress.org/headless-login-guard/) চাওক নাইবা
[RSS](https://plugins.trac.wordpress.org/log/headless-login-guard/?limit=100&mode=stop_on_copy&format=rss)-
দ্বাৰা [বিকাশৰ পঞ্জী](https://plugins.trac.wordpress.org/log/headless-login-guard/)
ছাবস্ক্ৰাইব কৰক।

## সলনি-পঞ্জী

#### 1.0.1

 * Added: New Relic monitoring endpoint allowlist pattern (`/newrelic`) to support
   APM monitoring
 * Added: WordPress.org plugin directory compatibility
 * Added: Proper plugin structure with activation/deactivation hooks
 * Added: Filter hook for customizing allowed patterns
 * Improved: Code organization and documentation

#### 1.0.0

 * Initial release
 * Restricts backend (`/wp-admin/`) to authenticated users
 * Allows GraphQL and REST API endpoints for headless front-ends
 * Basic whitelist of essential endpoints (cron, ajax, robots.txt, sitemaps, uploads)

## মেটা

 *  **1.0.1** সংস্কৰণ
 *  **2 মাহ আগত** শেষবাৰ আপডে’ট হৈছিল
 *  সক্ৰিয় ইনষ্টলেশ্যন **10টাতকৈ কম**
 *  WordPress-ৰ সংস্কৰণ ** 6.0 বা তাতকৈ ওপৰৰ **
 *  ইমানলৈকে পৰীক্ষা কৰা হৈছে **6.9.4**
 *  PHP-ৰ সংস্কৰণ ** 8.1 বা তাতকৈ ওপৰৰ **
 *  ভাষা
 * [English (US)](https://wordpress.org/plugins/headless-login-guard/)
 * [GraphQL](https://as.wordpress.org/plugins/tags/graphql/)[headless](https://as.wordpress.org/plugins/tags/headless/)
   [login](https://as.wordpress.org/plugins/tags/login/)[rest-api](https://as.wordpress.org/plugins/tags/rest-api/)
   [security](https://as.wordpress.org/plugins/tags/security/)
 *  টেগবোৰ
 *  [উচ্চখাপৰ ভিউ](https://as.wordpress.org/plugins/headless-login-guard/advanced/)

## ৰে’টিংবোৰ

এতিয়ালৈ কোনো পৰ্য্যালোচনা দাখিল কৰা হোৱা নাই।

[Your review](https://wordpress.org/support/plugin/headless-login-guard/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/headless-login-guard/reviews/)

## অৱদানকাৰীসকল

 *   [ Andrew Wilkinson ](https://profiles.wordpress.org/andrew40/)

## সাহায্য

কিবা ক’বলগীয়া আছে? সহায় লাগে?

 [সাহায্যৰ ফ’ৰাম চাওক](https://wordpress.org/support/plugin/headless-login-guard/)