[wp-hackers] wp-admin folder and admin-ajax.php
Lox
lox.dev at knc.nc
Wed Aug 11 09:25:48 UTC 2010
2010/8/11 Peter Westwood <peter.westwood at ftwr.co.uk>
> If you have a plugin that is using admin-ajax for something which doesn't
> require authentication then it should likely be rewritten to not require
> access to admin-ajax otherwise you want it to use it for the improved
> security.
>
I use ajax-admin.php for a login form (so user is not yet authenticated),
and it works nicely.
Isn't it "best practice" ? What are the security issue of doing so ?
Regards
--
Lox
lox.dev at knc.nc
More information about the wp-hackers
mailing list