Restricting access to a file for everyone except logged in users

The file in question (load-scripts.php) is part of WordPress’s admin interface. It’s generally used to improve the performance of the admin panel by combining multiple JavaScript files into a single request. That being said, access to this file should be restricted to logged-in users only, as it could potentially be misused in a DoS attack as described in CVE-2018-6389.

However, it’s important to note that WordPress has addressed this issue in their newer versions. If your WordPress installation is updated, you should be fine.

But if you still want to restrict access to this file for everyone except logged-in users, you can do it using the .htaccess file.

Here is an example of a rule you could add to your .htaccess file:

<Files load-scripts.php>
    # Apache 2.2 access-control syntax; Apache 2.4 needs mod_access_compat for it
    Order Deny,Allow
    Deny from all
    Allow from localhost
</Files>

This rule will block access to load-scripts.php from all IP addresses except localhost.

Please note that this solution is not perfect, as it does not technically limit access to logged-in users, but rather to requests originating from the same server. This means that it would not prevent an attack from another script running on the same server.
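To confirm the rule is actually in effect, the access log can be checked for requests to load-scripts.php that came from a non-loopback client and were not answered with 403. The script below is an added example, not part of the original page; it assumes Apache's common/combined log format, and the log lines in SAMPLE are constructed.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache common/combined log prefix: client ident user [time] "METHOD URL PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
TARGET = "/wp-admin/load-scripts.php"

def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the literal name 'localhost'."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname in the log is treated as remote

def audit(lines):
    """Count, per client, remote requests for TARGET that were not answered 403."""
    leaks = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, _method, url, status = m.groups()
        # endswith() also covers WordPress installed in a subdirectory
        if not urlsplit(url).path.endswith(TARGET):
            continue
        if not is_loopback(client) and status != "403":
            leaks[client] += 1
    return leaks

# Constructed sample log lines (documentation address ranges), not real traffic.
REQ = '"GET /wp-admin/load-scripts.php?c=1&load%5B%5D=jquery-core&ver=4.9 HTTP/1.1"'
SAMPLE = [
    f'203.0.113.7 - - [10/Feb/2018:10:00:01 +0000] {REQ} 200 4521',
    f'203.0.113.7 - - [10/Feb/2018:10:00:02 +0000] {REQ} 200 4521',
    f'198.51.100.9 - - [10/Feb/2018:10:00:03 +0000] {REQ} 403 199',
    f'127.0.0.1 - - [10/Feb/2018:10:00:04 +0000] {REQ} 200 4521',
    f'::1 - - [10/Feb/2018:10:00:05 +0000] {REQ} 200 4521',
    '203.0.113.7 - - [10/Feb/2018:10:00:06 +0000] "GET /wp-login.php HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for client, hits in audit(SAMPLE).most_common():
        print(f"{client}: {hits} request(s) to {TARGET} not blocked")
```

If Apache sits behind a reverse proxy on the same host and the real client address is not restored (for example with mod_remoteip), the logged client is the proxy's loopback address, so both the rule and this check treat every request as local.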

A more secure, but complex, solution would involve modifying your WordPress installation to add an authentication check inside the load-scripts.php file. This would require PHP coding knowledge and would be more involved, but it would provide a more robust solution to this issue.

Also, make sure to always keep your WordPress updated to the latest version to benefit from the latest security patches and improvements.