[wp-hackers] backend script that will do only authentication, without loading complete WordPress

Andrew Nacin wp at andrewnacin.com
Mon Jan 31 12:03:38 UTC 2011

On Mon, Jan 31, 2011 at 2:15 AM, Davit Barbakadze <jayarjo at gmail.com> wrote:

> We need to repeatedly send some info from client-side to WordPress
> backend, but I guess loading complete WordPress to execute some very
> simple operations would be an overkill. I knew there was a workaround
> for load-script.php which minifies admin scripts, but looking at the
> code now I see that it doesn't check for authentication, does it? In
> our case that might be harmful. We need to check whether user is
> logged in and is an admin. Is there an easy way to do that, without
> loading complete WordPress?

I don't see how loading WordPress is going to be overkill. You need to load
WordPress to do what you're trying to do -- authentication requires quite a
bit to be loaded, including plugins, particularly if they're altering the
authentication process. Therefore this doesn't seem to have much practical

There's no workaround in load-scripts/styles.php; as you've found, they
simply don't do any authentication.


More information about the wp-hackers mailing list