PathGuard Redirects

URL Blocker is a lightweight, developer-friendly plugin that lets site administrators block any relative URL on their WordPress site and control exactly what happens when a visitor tries to access it.

How it works

Add the relative paths you want to block (one per line) and choose what should happen when someone visits them:

• Custom URL redirect — send visitors to any destination URL with a 302 redirect.
• 404 Not Found — serve your theme’s native 404 page with a proper HTTP 404 status header (no redirect, the URL stays the same).

Key features

• Block any number of relative paths (e.g. /secret-page/, /members-only/).
• Choose the redirect action per-site: custom URL or 404 page.
• Exclude Admins — logged-in administrators are bypassed by default so they always have access. The option can be unchecked to restrict admins too.
• One-click access via the Settings link on the Plugins list page.
• All plugin data is removed from the database automatically when the plugin is deactivated.
• Paths matched with and without trailing slash — /secret-page and /secret-page/ both work.
• URL-encoded paths are decoded before matching, preventing bypass attempts like /%73ecret-page/.

Security

• CSRF protection on every save using WordPress nonces.
• Strict capability check (manage_options) before processing any form data.
• All input is sanitised (sanitize_textarea_field, esc_url_raw, sanitize_key).
• All output is escaped (esc_textarea, esc_attr, esc_html_e).
• Uses wp_safe_redirect to prevent open-redirect abuse.