[wp-hackers] wp-admin folder and admin-ajax.php

Ben Huson ben at thewhiteroom.net
Wed Aug 11 09:47:19 UTC 2010


Lox,

The difficulty is if a user has their wp-admin folder protected with
htaccess (either IP restricted or password protected as an extra level
of security), then the AJAX requests won't work unless a user is
authenticated.

- Ben

On 11 August 2010 10:25, Lox <lox.dev at knc.nc> wrote:
> 2010/8/11 Peter Westwood <peter.westwood at ftwr.co.uk>
>
>> If you have a plugin that is using admin-ajax for something which doesn't
>> require authentication then it should likely be rewritten to not require
>> access to admin-ajax otherwise you want it to use it for the improved
>> security.
>>
>
> I use ajax-admin.php for a login form (so user is not yet authenticated),
> and it works nicely.
> Isn't it "best practice"? What are the security issues of doing so?
>
> Regards
>
> --
> Lox
> lox.dev at knc.nc
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
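
The situation Ben describes, as an added configuration example that is not part of the original thread: a `wp-admin/.htaccess` that password-protects the folder and exempts only `admin-ajax.php`. The `AuthName` value and the `AuthUserFile` path are placeholders.

```apache
# wp-admin/.htaccess (constructed example; AuthUserFile path is a placeholder)

# Extra layer described in the post: HTTP Basic auth on everything in wp-admin/.
# With only this block, requests to admin-ajax.php from visitors who have not
# passed the HTTP auth prompt are rejected before WordPress runs.
AuthType Basic
AuthName "wp-admin"
AuthUserFile /path/to/.htpasswd
Require valid-user

# Exempt only the AJAX endpoint. The web-server layer no longer covers this
# one file, so WordPress's own checks inside admin-ajax.php are the only gate
# for it; every other file in wp-admin/ keeps the Basic auth requirement.
<Files "admin-ajax.php">
    # Apache 2.4 syntax
    Require all granted
    # Apache 2.2 equivalent:
    #   Order allow,deny
    #   Allow from all
    #   Satisfy any
</Files>
```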

