0

I need htaccess rewrite to block request if don't have GET=action or POST=action.

If somebody run 

 example.com/wp-admin/admin-ajax.php

then he will see error 404.

I think that this should have rewrite could, but I don't know how this work:

  RewriteRule ^wp-admin/admin-ajax.php$ index.php [L,QSA]
Amit Verma
  • 40,709
  • 21
  • 93
  • 115
unknown
  • 97
  • 1
  • 3
  • 10
  • `GET=action` or `POST=action`? What do you mean? – D4V1D Apr 02 '15 at 07:44
  • 2
    The other question is: Why? admin-ajax.php without a registered action returns 0. Why do you want to "block" it? – Nico Martin Apr 02 '15 at 07:59
  • if somebody run example.com/wp-admin/admin-ajax.php then it should see 404 error. Only request with param "action" and ajax requests should be acceptance. – unknown Apr 02 '15 at 09:18

2 Answers2

5

Is your wp-admin folder protected by .htaccess?

You need a whitelist like this (inside the wp-admin folder):

# Allow access to wp-admin/admin-ajax.php
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

whitelisted-admin-ajax-htaccess

ratoli
  • 51
  • 1
  • 2
0

You don't specify why you want to do this, but I can't think of a good reason to.

If you're worried about security (a) don't be, (b) protecting it this way isn't going to help you.

Nor will doing this make any difference to server load.

If it's showing in search results for some reason (not that I've ever seen that happen), just add it to your robots.txt file or use Google Webmaster Tools.

William Turrell
  • 3,227
  • 7
  • 39
  • 57