To block the specific URL “wp-admin/admin-ajax.php?action=rest-nonce” in WordPress, you can use a combination of techniques, including modifying your .htaccess file or using a security plugin. Here’s a step-by-step guide on how to achieve this:
Method 1: Modifying .htaccess file
- Access your WordPress site’s root directory using an FTP client or file manager provided by your web hosting provider.
- Look for the .htaccess file in the root directory. If you can’t find it, make sure you have enabled the option to show hidden files.
- Open the .htaccess file using a text editor.
- Add the following lines of code at the beginning or end of the file:
<Files "admin-ajax.php">
Order Allow,Deny
Deny from all
</Files>
- Save the changes to the .htaccess file and upload it back to your site’s root directory.
- Test your website by accessing the URL “wp-admin/admin-ajax.php?action=rest-nonce” to ensure it is blocked. You should see a “403 Forbidden” error.
Method 2: Using a WordPress security plugin
- Log in to your WordPress admin dashboard.
- Navigate to the “Plugins” section and click on “Add New”.
- Search for a security plugin such as “Wordfence” or “Sucuri” and install it.
- Once installed, activate the plugin.
- Depending on the plugin you choose, you may find a dedicated settings page or options related to blocking specific URLs or blocking access to the WordPress admin area.
- Look for an option to block URLs or add custom rules, and enter “wp-admin/admin-ajax.php?action=rest-nonce” as the URL to block.
- Save the settings, and the plugin will take care of blocking the specified URL.
Remember to exercise caution when making changes to your site’s configuration files. Make sure you have a backup of your site before proceeding and consider consulting with a developer or expert if you’re unsure about the process.

As a seasoned professional with over 10 years of experience and a Highly skilled technical SEO & WordPress security specialist. With a deep understanding of search engine algorithms and a track record of success in optimizing websites for search. Also, ensure websites are protected from potential vulnerabilities. I always dedicated to providing high-quality services and strong focus on client satisfaction. With certifications from leading industry organizations such as Google, Linkedin, Udemy, SEMrush, Mangools, and Yoast Academy.