Why does Next.js generated sites have /wp-login and /wp-admin routes show 403 Forbidden?
#73883
Unanswered
waterrmalann
asked this question in
Help
Replies: 1 comment
-
|
That could be part of a security feature. I know that malicious bots often scan for WordPress endpoints. So if your site is not remotely related to wordpress, a wp-admin request, can be concluded to be part of a bot attack. And again, as part of a security feature, perhaps reaching wp-admin, and others, is only allowed for certain IPs, or other access form determinants. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Summary
You could see this in action by going to https://nextjs.org/wp-admin or https://nextjs.org/wp-login
I initially noticed this in one of my own Next.js 15 projects and it got me wondering why these routes could be forbidden instead of being not found when Next.js has nothing to do with Wordpress?
I haven't been able to replicate this locally (I think it has something to do with Next.js sites hosted on Vercel).
I apologize in advance if this is the wrong place to ask this, I could not find anything related to this online.
Additional information
No response
Example
https://nextjs.org/wp-admin
Beta Was this translation helpful? Give feedback.
All reactions