In WordPress, I am trying to get a script to work, which runs in my plugin's directory and gets directly called by the browser via its URL, e.g. www.example.org/wp-content/plugins/myplugin/script.php. The script should only be available for logged-in admins.
What I tried to do was to include /wp-admin/admin.php
at the very beginning of the script, to bootstrap WordPress' functionality, and to check for the sufficient permissions. However, during this bootstrapping process, WordPress redirects me to the log-in-screen, even tough I already am logged in. That is, because the WordPress-authentification-cookie isn't available outside the /wp-admin-directory.
So, because my approach obviously doesn't work, I was wondering: What is the best practice to run WordPress-admin-scripts, outside the admin-directory? Is there some "wrapper"-script inside /wp-admin I could use, like there is admin-ajax.php
for AJAX-calls? Or isn't it even Wordpress, but just my server-configuration that the auth-cookie is only available in /wp-admin?
Also, please note it is not an option to register an admin-menu-item, because the script shall be loaded as a pop-up, and not be available in the menu.
Thanks in advance for your kind help.