[theme-reviewers] Exposing admin urls

Srikanth Koneru tskk79 at gmail.com
Fri May 17 11:15:23 UTC 2013


I was asked to wrap current_user_can('edit_theme_options') around an admin
url once, so you are not being picky :)
You can ask the theme author to display that message only for admin of the
blog.


On Fri, May 17, 2013 at 4:38 PM, esmi at quirm dot net <esmi at quirm.net>wrote:

> Just started my first theme review, so this may be the first of many
> questions. Sorry... :-)
>
> How do we feel about exposing admin urls when a user is not logged in?
>
> The theme I am reviewing uses admin_url() in the unpopulated sidebar and
> footer to direct the site admin to Appearance -> Widgets. But this link is
> also visible to non-logged-in users. I appreciate that the WP admin url is
> hardly a secret but, if was me, I'd only display the link within a
> conditional to check that the user is logged in & had the appropriate
> privileges.
>
> Is this worth noting? Perhaps as a recommended fix in a future version? Or
> am I being just too darn picky?
>
> Mel
> --
> http://quirm.net
> http://blackwidows.co.uk
> ______________________________**_________________
> theme-reviewers mailing list
> theme-reviewers at lists.**wordpress.org<theme-reviewers at lists.wordpress.org>
> http://lists.wordpress.org/**mailman/listinfo/theme-**reviewers<http://lists.wordpress.org/mailman/listinfo/theme-reviewers>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20130517/9a40cb12/attachment.html>


More information about the theme-reviewers mailing list