markkap
commented
3 years ago not as simple as hoped, ended adding additional case for "front end" html generation as having one header set of the whole site resulted in "headers sent" type of error during testing which requires too much effort to properly resolve.
Right now only login page and the admin screen are prevented, which is a simplistic view on how login and admin functionalities works since they can be exposed via ajax/rest APIs without being on a proper login/admin page.