DEV Community

Discussion on: Why is_admin() is totally unsafe for your Wordpress development

stonehengecreations profile image

Great article!
In my plugins there are often options that some admins only want available in the back-end, while front-end submission & editing is on the rise. A rather simple check for /wp-admin/ (excluding ajax.php) in the url suffices for me. If it's there, the user has to be logged in, be in the back-end and then current_user_can() will decide to yes/no show the rest.