Title: [Plugin: Edit Flow] Should not require /wp-admin/includes/user.php Last modified: August 19, 2016 --- # [Plugin: Edit Flow] Should not require /wp-admin/includes/user.php * Resolved [robbyslaughter](https://wordpress.org/support/users/robbyslaughter/) * (@robbyslaughter) * [15 years, 7 months ago](https://wordpress.org/support/topic/plugin-edit-flow-should-not-require-wp-adminincludesuserphp/) * It appears that edit-flow requires the file /wp-admin/includes/user.php. This is inadvisable because a common security practice is to delete the /wp-admin/ folder entirely on production WordPress installations. * I believe that [this thread](http://core.trac.wordpress.org/ticket/10781) provides some insight on how to address the problem. Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [Mohammad Jangda](https://wordpress.org/support/users/batmoo/) * (@batmoo) * [15 years, 7 months ago](https://wordpress.org/support/topic/plugin-edit-flow-should-not-require-wp-adminincludesuserphp/#post-1705909) * Thanks for your comment [@robbyslaughter](https://wordpress.org/support/users/robbyslaughter/). * Moving or deleting the wp-admin folder is not a recommended practice and can have many unwanted side effects. (See [this post](http://lists.automattic.com/pipermail/wp-hackers/2010-July/033463.html) from Core Developer Andrew Nacin) * If you [secure your blog](http://codex.wordpress.org/Hardening_WordPress) well enough, you shouldn’t have to worry about the wp-admin at all. * That being said, I actually commented on that ticket, and while it is a step forward, it does not cover all the use cases that Edit Flow needs when it comes to searching for users. There’s talk of further changes coming in 3.1 and we’ll keep an eye out for that. * [Andrew Nacin](https://wordpress.org/support/users/nacin/) * (@nacin) * [15 years, 7 months ago](https://wordpress.org/support/topic/plugin-edit-flow-should-not-require-wp-adminincludesuserphp/#post-1706099) * Mo is right… The only thing I would be concerned with here is if WP_User_Search develops a dependency that is outside wp-admin/includes/user.php, thus causing a fatal error. We don’t make guarantees that these files can be included as one- offs from non-admin scope and that things will work. But I’ve certainly done it before, and it’s just something you have to keep in mind for during the beta periods. (Alternatively, you can include wp-admin/includes/admin.php, but that will load a lot of extra stuff and could degrade performance.) * Indeed, WP_User_Search has been gutted in 3.0, check out WP_User_Query (which is in wp-includes). It’s also been moved, so Edit Flow would break. [http://wpdevel.wordpress.com/2010/10/07/wp_user_search-has-been-replaced-by-wp_u/](http://wpdevel.wordpress.com/2010/10/07/wp_user_search-has-been-replaced-by-wp_u/) * Thread Starter [robbyslaughter](https://wordpress.org/support/users/robbyslaughter/) * (@robbyslaughter) * [15 years, 7 months ago](https://wordpress.org/support/topic/plugin-edit-flow-should-not-require-wp-adminincludesuserphp/#post-1706101) * Perhaps there is a better thread to suggest this, but it seems like a reasonable method for securing a blog ought to be removing the components of WordPress that allow administrative access to the blog. Unlike server configuration changes— which require considerable expertise—the ability to simply delete the /wp-admin/ folder seems like an elegant design. * In any case, it seems like Andrew’s point stands. In simpler terms, we’re probably both using WordPress in a non-recommended fashion. 🙂 Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘[Plugin: Edit Flow] Should not require /wp-admin/includes/user.php’ is closed to new replies. * ![](https://ps.w.org/edit-flow/assets/icon-256x256.png?rev=3433533) * [Edit Flow](https://wordpress.org/plugins/edit-flow/) * [Frequently Asked Questions](https://wordpress.org/plugins/edit-flow/#faq) * [Support Threads](https://wordpress.org/support/plugin/edit-flow/) * [Active Topics](https://wordpress.org/support/plugin/edit-flow/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/edit-flow/unresolved/) * [Reviews](https://wordpress.org/support/plugin/edit-flow/reviews/) * 3 replies * 3 participants * Last reply from: [robbyslaughter](https://wordpress.org/support/users/robbyslaughter/) * Last activity: [15 years, 7 months ago](https://wordpress.org/support/topic/plugin-edit-flow-should-not-require-wp-adminincludesuserphp/#post-1706101) * Status: resolved