Title: Headless Login Guard
Author: Andrew Wilkinson
Published: <strong>2026년 5월 18일</strong>
Last modified: 2026년 5월 18일

---

플러그인 검색

![](https://ps.w.org/headless-login-guard/assets/banner-772x250.png?rev=3536308)

![](https://ps.w.org/headless-login-guard/assets/icon-256x256.png?rev=3536307)

# Headless Login Guard

 작성자: [Andrew Wilkinson](https://profiles.wordpress.org/andrew40/)

[다운로드](https://downloads.wordpress.org/plugin/headless-login-guard.1.0.1.zip)

 * [세부사항](https://ko.wordpress.org/plugins/headless-login-guard/#description)
 * [평가](https://ko.wordpress.org/plugins/headless-login-guard/#reviews)
 *  [설치](https://ko.wordpress.org/plugins/headless-login-guard/#installation)
 * [개발](https://ko.wordpress.org/plugins/headless-login-guard/#developers)

 [지원](https://wordpress.org/support/plugin/headless-login-guard/)

## 설명

A lightweight plugin that **forces login for backend access** in a headless WordPress
setup. Keeps your WordPress dashboard private while allowing your front end (e.g.
Astro, Next.js) to pull content via GraphQL/REST.

#### What it does

 * Requires authentication for `/wp-admin/` and other backend pages
 * Always allows the login page to avoid redirect loops
 * Leaves key endpoints open for headless use:
    - `/wp-json/` (REST API)
    - `/graphql` (WPGraphQL)
    - `/wp-admin/admin-ajax.php` (AJAX)
    - `/wp-cron.php` (cron)
    - `/robots.txt`
    - `/sitemap*.xml` (sitemaps and indexes)
    - `/wp-content/uploads/*` (media)
    - `/favicon.ico`
    - `/newrelic` (New Relic monitoring)
 * Logged-in users visiting the backend root get redirected to the dashboard
 * Works with Bedrock layouts (handles root path vs `/wp/`)

#### Use case

 * WordPress is the content backend
 * Public site is built with Astro/Next.js/etc
 * Editors log in to WordPress. Visitors never see the backend
 * Front end builds and live pages can still query GraphQL/REST without authentication

#### Customization

Developers can customize allowed endpoints using the `force_login_allowed_patterns`
filter:

    ```
    add_filter('force_login_allowed_patterns', function($patterns) {
        $patterns[] = '#^/healthz$#';           // custom health check
        $patterns[] = '#^/status$#';            // uptime checks
        $patterns[] = '#^/wp-json/acf/v3/.*#';  // specific REST namespace
        return $patterns;
    });
    ```

## 설치

 1. Upload the plugin files to the `/wp-content/plugins/force-login` directory, or 
    install the plugin through the WordPress plugins screen directly.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. The plugin will automatically start protecting your backend – no configuration 
    needed!

## FAQ

### I’m locked out! How do I access my site?

Visit `/wp-login.php` directly to sign in. The plugin always allows access to the
login page.

### My front-end requests are failing. What should I do?

Verify the endpoint is on the allow list. Check the plugin description for the default
allowed patterns, or use the `force_login_allowed_patterns` filter to add custom
endpoints.

### Does this work with Bedrock?

Yes! The plugin correctly handles both standard WordPress installs and Bedrock layouts
where the site URL and home URL may differ.

### Can I add custom endpoints?

Yes, use the `force_login_allowed_patterns` filter to add your own regex patterns
for additional endpoints that should remain public.

## 후기

이 플러그인에 대한 평가가 없습니다.

## 기여자 & 개발자

“Headless Login Guard”(은)는 오픈 소스 소프트웨어입니다. 다음의 사람들이 이 플러그인에
기여하였습니다.

기여자

 *   [ Andrew Wilkinson ](https://profiles.wordpress.org/andrew40/)

[자국어로 “Headless Login Guard”(을)를 번역하세요.](https://translate.wordpress.org/projects/wp-plugins/headless-login-guard)

### 개발에 관심이 있으십니까?

[코드 탐색하기](https://plugins.trac.wordpress.org/browser/headless-login-guard/)
는, [SVN 저장소](https://plugins.svn.wordpress.org/headless-login-guard/)를 확인하시거나,
[개발 기록](https://plugins.trac.wordpress.org/log/headless-login-guard/)을 [RSS](https://plugins.trac.wordpress.org/log/headless-login-guard/?limit=100&mode=stop_on_copy&format=rss)
로 구독하세요.

## 변경이력

#### 1.0.1

 * Added: New Relic monitoring endpoint allowlist pattern (`/newrelic`) to support
   APM monitoring
 * Added: WordPress.org plugin directory compatibility
 * Added: Proper plugin structure with activation/deactivation hooks
 * Added: Filter hook for customizing allowed patterns
 * Improved: Code organization and documentation

#### 1.0.0

 * Initial release
 * Restricts backend (`/wp-admin/`) to authenticated users
 * Allows GraphQL and REST API endpoints for headless front-ends
 * Basic whitelist of essential endpoints (cron, ajax, robots.txt, sitemaps, uploads)

## 기초

 *  버전 **1.0.1**
 *  최근 업데이트: **2개월 전**
 *  활성화된 설치 **10보다 적음**
 *  워드프레스 버전 ** 6.0 또는 그 이상 **
 *  다음까지 시험됨: **6.9.4**
 *  PHP 버전 ** 8.1 또는 그 이상 **
 *  언어
 * [English (US)](https://wordpress.org/plugins/headless-login-guard/)
 * 태그:
 * [GraphQL](https://ko.wordpress.org/plugins/tags/graphql/)[headless](https://ko.wordpress.org/plugins/tags/headless/)
   [login](https://ko.wordpress.org/plugins/tags/login/)[rest-api](https://ko.wordpress.org/plugins/tags/rest-api/)
   [security](https://ko.wordpress.org/plugins/tags/security/)
 *  [고급 보기](https://ko.wordpress.org/plugins/headless-login-guard/advanced/)

## 평점

아직 제출된 리뷰가 없습니다.

[Your review](https://wordpress.org/support/plugin/headless-login-guard/reviews/#new-post)

[모든  리뷰 보기](https://wordpress.org/support/plugin/headless-login-guard/reviews/)

## 기여자

 *   [ Andrew Wilkinson ](https://profiles.wordpress.org/andrew40/)

## 지원

할 말 있으신가요? 도움이 필요하신가요?

 [지원 포럼 보기](https://wordpress.org/support/plugin/headless-login-guard/)