Ensure the user is administrator before processing AJAX requets

amElnagdy / salt-shaker

Salt Shaker allows you to change WP security keys and salt manually and automatically.

https://nagdy.net/salt-shaker/

9 stars 3 forks source link

Ensure the user is administrator before processing AJAX requets #4

Closed ghost closed 7 years ago

ghost commented 7 years ago

Right now, nothing prevent any authenticated (even Subscribers) user to change the salts. I added a check based on the role name, so only the administrators will be able to call these two AJAX endpoints.