[wp-hackers] wp-admin folder and admin-ajax.php

Lox lox.dev at knc.nc
Wed Aug 11 09:25:48 UTC 2010

2010/8/11 Peter Westwood <peter.westwood at ftwr.co.uk>

> If you have a plugin that is using admin-ajax for something which doesn't
> require authentication then it should likely be rewritten to not require
> access to admin-ajax; otherwise you want it to use it for the improved
> security.

I use ajax-admin.php for a login form (so the user is not yet authenticated),
and it works nicely.
Isn't it "best practice"? What are the security issues of doing so?


lox.dev at knc.nc
