I am using WordPress exclusively as a backoffice for my Next.js app. I only need 3 endpoints:
https://mydomain/graphql/*
https://mydomain/wp-admin/*
https://mydomain/wp-content/*
I don't want to have anything else accessible. Is it something I should configure in the .htaccess file or should I use a plugin?
You could potentially do something like the following at the top of your root .htaccess file to block all URLs, except for those that start /graphql/, /wp-admin/ or /wp-content/.
For example, try the following:
RewriteEngine On
RewriteRule !^(graphql|wp-admin|wp-content)/ - [F]
If anything else is requested then a 403 Forbidden is served.
However, I suspect there will be other URLs/files that still need to be accessible for this to work?
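To see which requests the rule above would forbid before deploying it, the following added example (not part of the original answer) models the rule's match in Python against a constructed list of common WordPress paths. The function names and sample paths are assumptions for illustration; the pattern is the one from the answer.

```python
import re
from urllib.parse import unquote, urlsplit

# Pattern from the RewriteRule in the answer, without the leading "!".
ALLOW = re.compile(r"^(graphql|wp-admin|wp-content)/")

def rule_status(url: str) -> int:
    """Return 403 if the answer's rule would forbid the request, else 200.

    Models only what the rule sees in a root .htaccess: the %-decoded
    URL path, without its leading slash and without the query string.
    200 means "not blocked by this rule", not that the resource exists.
    """
    path = unquote(urlsplit(url).path).removeprefix("/")
    return 200 if ALLOW.search(path) else 403

# Constructed sample requests (hypothetical, not taken from the page).
SAMPLE = [
    "/graphql/",                             # allowed prefix
    "/graphql?query=%7B__typename%7D",       # no trailing slash
    "/wp-admin/admin-ajax.php",              # allowed prefix
    "/wp-content/uploads/2024/01/a.jpg",     # allowed prefix
    "/wp-login.php",                         # login form lives in the root
    "/wp-includes/js/jquery/jquery.min.js",  # scripts loaded by wp-admin
    "/index.php",                            # WordPress front controller
    "/xmlrpc.php",
    "/wp-json/wp/v2/users",
]

def audit(urls):
    """Map each URL to the status the rule alone would produce."""
    return {u: rule_status(u) for u in urls}

if __name__ == "__main__":
    for url, status in audit(SAMPLE).items():
        print(f"{status}  {url}")
```

Any path reported as 403 that the site still depends on would need its own exception ahead of the blocking rule.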