The file in question (
However, it’s important to note that WordPress has addressed this issue in their newer versions. If your WordPress installation is updated, you should be fine.
But if you still want to restrict access to this file for everyone except logged-in users, you can do it using the
Here is an example of a rule you could add to your
Deny from all
Allow from localhost
This rule will block access to
load-scripts.php from all IP addresses except localhost.
Please note that this solution is not perfect, as it does not technically limit access to logged-in users, but rather to requests originating from the same server. This means that it would not prevent an attack from another script running on the same server.
A more secure, but complex, solution would involve modifying your WordPress installation to add an authentication check inside the
load-scripts.php file. This would require PHP coding knowledge and would be more involved, but it would provide a more robust solution to this issue.
Also, make sure to always keep your WordPress updated to the latest version to benefit from the latest security patches and improvements.