Title: is_protected_endpoint
Published: May 7, 2019
Last modified: February 24, 2026

---

# is_protected_endpoint(): bool

## In this article

 * [Return](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#return)
 * [Source](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#source)
 * [Hooks](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#hooks)
 * [Related](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#related)
 * [Changelog](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#changelog)

[ Back to top](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#wp--skip-link--target)

Determines whether we are currently on an endpoint that should be protected against
WSODs.

## 󠀁[Return](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#return)󠁿

 bool True if the current endpoint should be protected.

## 󠀁[Source](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#source)󠁿

    ```php
    function is_protected_endpoint() {
    	// Protect login pages.
    	if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) {
    		return true;
    	}

    	// Protect the admin backend.
    	if ( is_admin() && ! wp_doing_ajax() ) {
    		return true;
    	}

    	// Protect Ajax actions that could help resolve a fatal error should be available.
    	if ( is_protected_ajax_action() ) {
    		return true;
    	}

    	/**
    	 * Filters whether the current request is against a protected endpoint.
    	 *
    	 * This filter is only fired when an endpoint is requested which is not already protected by
    	 * WordPress core. As such, it exclusively allows providing further protected endpoints in
    	 * addition to the admin backend, login pages and protected Ajax actions.
    	 *
    	 * @since 5.2.0
    	 *
    	 * @param bool $is_protected_endpoint Whether the currently requested endpoint is protected.
    	 *                                    Default false.
    	 */
    	return (bool) apply_filters( 'is_protected_endpoint', false );
    }
    ```

[View all references](https://developer.wordpress.org/reference/files/wp-includes/load.php/)
[View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/load.php#L1180)
[View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/load.php#L1180-L1209)

## 󠀁[Hooks](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#hooks)󠁿

 [apply_filters( ‘is_protected_endpoint’, bool $is_protected_endpoint )](https://developer.wordpress.org/reference/hooks/is_protected_endpoint/)

Filters whether the current request is against a protected endpoint.

## 󠀁[Related](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#related)󠁿

| Uses | Description | 
| [is_protected_ajax_action()](https://developer.wordpress.org/reference/functions/is_protected_ajax_action/)`wp-includes/load.php` |

Determines whether we are currently handling an Ajax action that should be protected against WSODs.

  | 
| [wp_doing_ajax()](https://developer.wordpress.org/reference/functions/wp_doing_ajax/)`wp-includes/load.php` |

Determines whether the current request is a WordPress Ajax request.

  | 
| [is_admin()](https://developer.wordpress.org/reference/functions/is_admin/)`wp-includes/load.php` |

Determines whether the current request is for an administrative interface page.

  | 
| [apply_filters()](https://developer.wordpress.org/reference/functions/apply_filters/)`wp-includes/plugin.php` |

Calls the callback functions that have been added to a filter hook.

  |

[Show 2 more](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#)
[Show less](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#)

| Used by | Description | 
| [WP_Recovery_Mode::handle_error()](https://developer.wordpress.org/reference/classes/wp_recovery_mode/handle_error/)`wp-includes/class-wp-recovery-mode.php` |

Handles a fatal error occurring.

  | 
| [WP_Fatal_Error_Handler::display_default_error_template()](https://developer.wordpress.org/reference/classes/wp_fatal_error_handler/display_default_error_template/)`wp-includes/class-wp-fatal-error-handler.php` |

Displays the default PHP error template.

  |

## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/is_protected_endpoint/?output_format=md#changelog)󠁿

| Version | Description | 
| [5.2.0](https://developer.wordpress.org/reference/since/5.2.0/) | Introduced. |

## User Contributed Notes

You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fis_protected_endpoint%2F)
before being able to contribute a note or feedback.