[wp-hackers] wp-admin folder and admin-ajax.php

Lox lox.dev at knc.nc
Wed Aug 11 09:25:48 UTC 2010


2010/8/11 Peter Westwood <peter.westwood at ftwr.co.uk>

> If you have a plugin that is using admin-ajax for something which doesn't
> require authentication then it should likely be rewritten to not require
> access to admin-ajax; otherwise you want it to use it for the improved
> security.
>

I use ajax-admin.php for a login form (so the user is not yet authenticated),
and it works nicely.
Isn't it "best practice"? What are the security issues of doing so?

Regards

-- 
Lox
lox.dev at knc.nc

