It should be fine and secure, as Horttcore mentioned it isn’t making any database or backend changes it is simply displaying the tinymce editor. There are other plugins you could use of course but I don’t see any problems doing exactly what you are doing.
To answer your other question, I believe the text/visual switch is stored in a cookie so only you would see this change and only if you switched it on the public form yourself – other people changing it on the public end won’t change your settings for text/visual on the backend.
Related Posts:
- what is a auth_user_file.txt?
- How to view PHP on live site
- Is moving wp-config outside the web root really beneficial?
- Hide the fact a site is using WordPress?
- Verifying that I have fully removed a WordPress hack?
- Can I Prevent Enumeration of Usernames?
- Best way to eliminate xmlrpc.php?
- If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
- Should I remove install.php and install-helper.php?
- Are Nonces Useless?
- What is the difference between esc_html filter vs attribute_escape filter?
- How do I technically prove that WordPress is secure?
- Which KSES should be used and when?
- How do WordPress Nonces Work?
- How can I easily verify a core or plugin update has not broken anything?
- Disable comment windows for all existing posts (pages/blogposts)
- Generate WordPress salt
- Stop wordpress automatically escaping $_POST data
- Secure my “add_settings_field” translation?
- how can i embed wordpress backend in iframe
- Handling nonces for actions from guests to logged-in users
- WordPress Logout Only If User Click Logout or If User Delete Browser History
- Can I force a password change?
- How brute-forcer knows that the password is cracked for target username?
- What is pclzip.lib.php file that wordfence think it’s a malicious code
- Can someone (Support of my themeprovider) get access to my server If I send them my admin login?
- How to disable XML-RPC from Linux command-line in a total way?
- How to remove javascript malware in wordpress site [closed]
- Completely remove the author url
- Securing my WordPress Files and Directories
- About WordPress site security
- Single sign-on: wp_authenticate_user vs wp_authenticate
- How to allow internal links using wp_kses filtration
- How does Cross Site Scripting (XSS) work exactly? [closed]
- How does the “authentication unique keys and salts” feature work?
- vs WordPress Security
- esc_html__ security : what for in this example?
- Using HTACCESS for Secret Access
- wp-config.php being written by attacker
- Definitive wordpress directory ownership and permissions on linux
- XML-RPC errors they know my username?
- Is [admin / admin] acceptable for all local websites?
- Simple Online Payment for Event Registration [closed]
- What may be causing failure of auto-install features in WordPress (v3.0.3)?
- Client side HTTP parameter pollution (reflected)
- Local file inclusion critical security issue [closed]
- Malware script in database post table only? [closed]
- Best practices to assert current_user_can() with guests
- XMLRPC slow and weird websites/services
- Are there security risks in working directly in the themes folder that builds into a theme folder?
- Is it safe to hand over the admin rights?
- Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
- Secure WordPress: Change admin
- Changing the default header name
- how much information can we hide when using wordpress cms?
- disable tags on wordpress text editor
- Wordfence detects change in wp-admin/includes/upgrade.php
- Basic password protection without using users and roles
- System setting changed by system user
- Does meta-data need to be sanitized?
- Will there be security updates for WordPress 4.9.9
- Any known bugs that could cause disappearance of the wp_users table?
- On new server, site got hacked, permissions a bit strange? Please help
- Are SVG image files safe to upload? Why WP defines them as a security risk? [duplicate]
- Restrict Access without Creating Users
- How to obfuscate wp-config.php or code
- Security issue with ‘paged’ and ‘posts_per_page’ parameters taken directly from a POST request?
- How to prevent to direct access of my custom plugin folder/files
- Checking for origin of a xmlrpc request
- RESTRICT EDIT of PHP files?
- wp-content – permissions for files/folders created by apache
- How can I restrict access to specific parts of a page, not just the page itself?
- User generated content and security
- Are major WordPress updates mandatory for security?
- i moved wp-config.php outside of public html and this broke my website
- Monitor wordpress all external calls
- Is it safe to use the basic administration with reduced rights for private member space
- Securing WordPress running on Azure platform
- Verifying that I have fully removed a WordPress hack?
- Spam Registrations
- How can I have more confidence that WP plugins aren’t getting and storing user data?
- Standard Method for Securing a WordPress Site
- wordpress security (only one part of the site)
- Avoid ‘uploads’ 777 permissions: Potential threat or clean solution?
- Any way to disable /wp-login.php redirecting to the site folder?
- Folder Permissions + Security Concerns
- Malware/Permission bug removal?
- Could a user account with a stolen password compromised entire WP site?
- Step by Step Instructions for Making Media/Uploads Private to Only Logged-In Users
- Secure a WordPress website in 2019: one plugin or a combinations of them?
- What are the different types of firewall protections available for a WordPress website?
- Run a security scan on WordPress site that has .htaccess password [closed]
- Is this a WordPress security bug?
- Competitor is somehow accessing MetaData on a hidden WordPress site
- WordPress Hacks/Defacing [closed]
- How do you search for backdoors from the previous IT person?
- Possible to change email address in keypair?
- Why is SSH password authentication a security risk?
- Is wp-cron.php vulnerable to external attacks and how to protect it?
- How to address security vulnerabilities: LUCKY13, BEAST, and BREACH