要么使用wp-load.php （性能征税）或执行以下操作：

// Capture \'init\' event in a plugin placed in /wp-content/mu-plugins/
// This will keep the shared cookie fresh for each load.
add_action(\'init\', function(){
    $cookie_server = $_SERVER[\'SERVER_NAME\'];
    // To work an all subdomains uncomment:
    // $cookie_server = strchr($_SERVER[\'SERVER_NAME\'], \'.\');
    // Now check if current user is an Admin and do this: Signal Admin presence by
    // setting up a special value cookie that you can detect in your other script.
    // Prepare a salt and a hash here caculated from $salt, User-Agent and Remote IP
    $special_salt = \'setup a string here others will not know\';
    $special_hash = md5($_SERVER[\'HTTP_USER_AGENT\'].$_SERVER[\'REMOTE_ADDR\'].$special_salt);
    if(!current_user_can(\'activate_plugins\')){
        // If the user is not an admin remove the special cookie (if exists)
        setcookie(\'crosscript_auth\', null, time() - 24 * 3600, \'/\', $cookie_server, is_ssl(), true);
    }else{
        // If the user is an admin add the special cookie with the $special_hash value
        setcookie(\'crosscript_auth\', $special_hash, strtotime(\'+1 week\'), \'/\', $cookie_server, is_ssl(), true);
    }
    // Now, in your other script, use the $special_salt and $special_hash from here
    // to compare to the $_COOKIE[\'crosscript_auth\'], if available.
    // That will tell you if an Admin is logged in
}); // PHP 5.3 Closure, just change to named function for 5.2

只需阅读代码中的注释。我试图描述它背后的全部逻辑。它非常安全，并且特殊的Cookie绑定到IP/用户代理。有了适当的盐，你应该不会有问题，除非1337黑客以你为目标：）这也是你调整的开始。

当做

PS: <如需任何其他澄清，请随时询问