No, it’s not okay to lock down or block access to wp-admin
and/or it’s sub-directories. Not only you already mentioned this is a crude method, it could and most likely will break the site, depending on its theme/plugins.
The reason is that some plugin or themes depend on either admin-ajax.php
or admin-post.php
to accomplish some tasks. That’s why there are additional global variables in your source.
For example, the pvcArgsFrontend
variable belongs to the Post View Counter plugin, which uses admin-ajax.php
to update a post’s view count. If you block wp-admin
, you know what happens.