Title: Plugin Advice (security)
Last modified: August 19, 2016

---

# Plugin Advice (security)

 *  [husar](https://wordpress.org/support/users/husar/)
 * (@husar)
 * [15 years, 8 months ago](https://wordpress.org/support/topic/plugin-advice-security/)
 * I have developed a fitness plug that allows members to post their fitness updates,
   weight updates, and set challenges for themselves. Everything is working great.
 * Right now the members are all Authors on the site. I have developed three custom
   Post pages that basically so the same as a the default Post page does but with
   some additional fields that they enter as part of their fitness updates.
 * The Authors have to log in obviously and then they really only have their profile
   and the custom three (fitness, weight, and challenges) Post options available
   to them.
 * What I am thinking about it making these three custom Post pages available to
   the users outside of the WP admin area. Ideally I want them to be just normal
   page and then they don’t need to access the WP admin.
 * I would just use the catch to see if they are logged in and if they are then 
   show the page content (custom form). Pretty much like so….
 *     ```
       <?php
       if (is_user_logged_in()){
           // show form
       }
       else {
           // show something else or redirect them to home page
       };
       ?>
       ```
   
 * The advice I am looking for is if this is a good idea of bad? Should I keep them
   in the WP admin? Mostly concerned about security and someone coming along and
   being able to post something to the site and not be a member (Author).
 * I know there are a few Profile plugins that allow you to edit your project on
   a content page and not go into the WP admin. That is basically what I want to
   do for my custom Post forms.
 * Technically doing it shouln’t be a problem for me. I just want it to be as secure
   as possible.
 * Thoughts?
 * Thanks in advance.

The topic ‘Plugin Advice (security)’ is closed to new replies.

 * 0 replies
 * 1 participant
 * Last reply from: [husar](https://wordpress.org/support/users/husar/)
 * Last activity: [15 years, 8 months ago](https://wordpress.org/support/topic/plugin-advice-security/)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics