Plugin Advice (security)

  • I have developed a fitness plugin that allows members to post their fitness updates, weight updates, and set challenges for themselves. Everything is working great.

    Right now the members are all Authors on the site. I have developed three custom Post pages that basically do the same as the default Post page does but with some additional fields that they enter as part of their fitness updates.

    The Authors have to log in obviously and then they really only have their profile and the custom three (fitness, weight, and challenges) Post options available to them.

    What I am thinking about is making these three custom Post pages available to the users outside of the WP admin area. Ideally I want them to be just normal pages and then they don’t need to access the WP admin.

    I would just use the catch to see if they are logged in and if they are then show the page content (custom form). Pretty much like so….

    <?php
    if ( is_user_logged_in() ) {
        // show form
    } else {
        // show something else or redirect them to home page
    }
    ?>

    The advice I am looking for is whether this is a good idea or bad. Should I keep them in the WP admin? Mostly concerned about security and someone coming along and being able to post something to the site and not be a member (Author).

    I know there are a few Profile plugins that allow you to edit your project on a content page and not go into the WP admin. That is basically what I want to do for my custom Post forms.

    Technically doing it shouldn’t be a problem for me. I just want it to be as secure as possible.

    Thoughts?

    Thanks in advance.
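
The login check in the post only decides what is displayed; for a front-end form, the submit handler also has to verify the user, their capability and a nonce on its own. The following is an added sketch of that pattern, not code from the original poster: the `fit_` names, the `[fitness_update_form]` shortcode and the `fitness_update` post type are assumptions.

```php
<?php
// Added example. The fit_ names, the shortcode and the 'fitness_update' post type are hypothetical.
add_shortcode( 'fitness_update_form', function () {
    // Same login gate as in the post, plus a capability check (Authors have edit_posts).
    if ( ! is_user_logged_in() || ! current_user_can( 'edit_posts' ) ) {
        return '<p>Please log in to post an update.</p>';
    }
    // The nonce field below is a CSRF token tied to this user and this action.
    ob_start(); ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="fit_save_update">
        <?php wp_nonce_field( 'fit_save_update', 'fit_nonce' ); ?>
        <input type="text" name="fit_title" required>
        <input type="number" name="fit_weight" step="0.1" min="0">
        <button type="submit">Save</button>
    </form>
    <?php
    return ob_get_clean();
} );

// admin_post_{action} fires only for logged-in users; no admin_post_nopriv_ handler is registered.
add_action( 'admin_post_fit_save_update', function () {
    // Hiding the form is not a control: the handler repeats every check itself.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }
    $nonce = sanitize_text_field( wp_unslash( $_POST['fit_nonce'] ?? '' ) );
    if ( ! wp_verify_nonce( $nonce, 'fit_save_update' ) ) {
        wp_die( 'Invalid or expired form.', '', array( 'response' => 403 ) );
    }
    $post_id = wp_insert_post( array(
        'post_type'   => 'fitness_update',
        'post_status' => 'publish',
        'post_author' => get_current_user_id(), // never taken from the request
        'post_title'  => sanitize_text_field( wp_unslash( $_POST['fit_title'] ?? '' ) ),
    ), true );
    if ( is_wp_error( $post_id ) ) {
        wp_die( 'Could not save the update.' );
    }
    // Extra field stored as a non-negative number, whatever the client sent.
    update_post_meta( $post_id, 'fit_weight', max( 0, (float) ( $_POST['fit_weight'] ?? 0 ) ) );
    wp_safe_redirect( wp_get_referer() ?: home_url() );
    exit;
} );
```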
