Securing a plugin pop-up window

Add some AJAX actions in your plugin file, something like this… The first one (without _nopriv) will already only be executed for logged in users, and the second will only be executed for logged out users, so there is no need to retest is_user_logged_in() here:

add_action('wp_ajax_show_popup_contents', 'show_popup_contents');
function show_popup_contents() {
    $filepath = dirname(__FILE__).'/popup.php';
    include($filepath); exit;
}

add_action('wp_ajax_nopriv_show_popup_contents', 'deny_popup_contents');
function deny_popup_contents() {
    wp_die("You need to be logged in to view these contents.");
}

Then set the popup URL to /wp-admin/admin-ajax.php?action=show_popup_contents

You probably want to also add if (!defined('ABSPATH')) {exit;} at the top of the included popup.php file so it cannot be accessed directly that way.

Related Posts:

  1. What are the common security flaws I need to look for? [closed]
  2. WordPress Capabilities: edit_user vs edit_users
  3. Where should my plugin POST to?
  4. Security error WP 4.0 + WP phpBB Bridge [closed]
  5. Should I use RIPS tool to test my themes and plugins?
  6. Escape when echoed
  7. wp_create_nonce function doesn’t work inside a plugin?
  8. I should enable automatic updates?
  9. Prevent direct access to WordPress plugin assets?
  10. How to prevent plugins from sniffing/stealing other plugins’ options?
  11. Security of a WordPress Plugin
  12. Help to Create a Simple Plugin to make a post
  13. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  14. wp_verify_nonce fails always
  15. Validating values using Settings API?
  16. WordPress.Security.NonceVerification.Recommended
  17. Using a custom plugin to capture input data via Ajax and PHP
  18. Python with wordpress plugin
  19. Display post lists in 2nd paragraph
  20. Map Custom Registration Fields to WordPress User Roles
  21. Not able to add option in Sub-Menu under page
  22. How to stop activating a plugin and show admin notice when dependent plugins minimum version is not met
  23. Using a post-signup hook to get user details
  24. How to apply a patch via plugin?
  25. Fixing WordPress’s Bug (failed to send buffer of zlib output compression) results in “White Screen of Death”
  26. How to block plugin activations with no known user or coming from unknown IP address range?
  27. Nonce failing on form submission
  28. Disable woocommerce cookies and delete cart data automatically
  29. Ajax contact form widget plugin data not insert in database
  30. link bbpress forum discussion to blogposts
  31. Install Plugin via Code
  32. code is working properly in Core PHP but writing coding in WordPress
  33. Check for security updates
  34. Combine scripts from all extensions of the plugin when an extension is activated
  35. Creating a custom post type, adding custom meta fields, preventing all future editability of posts of this type
  36. Prevent duplicate records in plugin table
  37. Send Custom welcome email to specific user group
  38. woocommerce payment gateway callback not firing [closed]
  39. How to modify WCMP Rest API response?
  40. Fetch Children of Grouped Products Inside WooCommerce Product Loop
  41. White page by using filter template_include
  42. How to fetch products with the price in a page on woocommerce using a form or live search with php
  43. Making a Template for a CPT created by a plugin
  44. Woocommerce dependent plugin
  45. WordPress.org Plugin Directory doesn’t recognise screenshots [closed]
  46. External CSS in WordPress Plugin [closed]
  47. How to check current user before all actions and filters?
  48. Owl Carousel2 image not displaying full width when using Stretch row and content, Stretch row and content(no padding) in wordpress
  49. User Session and Stored Cookies not get removed
  50. New databes tables with – WooCommerce – for developers [closed]
  51. How can I prevent my plugin go development trunk [closed]
  52. Plugin-generated pages use Not Found or Pages Archive templates?
  53. How can I make 2 plugins that include different versions of a framework to both use the latest version?
  54. creating html reusable blocks via shortcodes
  55. Add Plugin options as subpage to Theme options page
  56. Is there any kind of theme on WordPress to sell my own movies?
  57. Image upload and download from front-end
  58. Create a navbar filter that filters by a custom field
  59. Change commission_status paid when withdraw_status vendor is completed
  60. Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
  61. Passing an array from shortcode-function to filter-function
  62. custom payment gateway in woocommerce failed to connect to remote api server
  63. wp_remote_get() returns 403 while file_get_contents() does not
  64. Single API call exposed via shortcode with params
  65. Plugin options page with live preview?
  66. Using SVN to upload plugin created with gutenberg blocks
  67. Force quit running background job
  68. Modifying Author Link to add Author Meta in URL
  69. How to output CMB2 select options from repeated groups select elements?
  70. Creating a Callback URL for WordPress Woocommerce to update Order Status
  71. Get Time Taken By Each Action Hook in WordPress
  72. How to export post 2 posts WordPress plugin data [closed]
  73. 306 MB of wp_options occupied by WordPress SEO Plugin, is that normal? [closed]
  74. WordPress plugin creation how to execute .sql in order to insert multiple rows at activation of plugin
  75. Best way to maintain and update 3rd-party WP plugin when developer is unresponsive?
  76. get 404 when accessing wp-admin/plugin-install.php
  77. What can be reason for no plugin-strings available under stable section on translate.wordpress.org?
  78. Plugin: register_deactivation_hook works perfectly well, while register_activation_hook suddenly stopped working
  79. Are functions in main plugin file called before function bound to register_activation_hook runs?
  80. I want to auto populate data in three fields if one drop down is selected
  81. Best place for if/else piece of code related to custom plugin?
  82. How do you assign a UUID to posts/products/comments/reviews?
  83. Best way to initiate a class in a WP plugin?
  84. correct way to include a library(and its dependent libraries) in wordpress development
  85. How does task scheduler plugin implements cron that is not dependent on page load request? [closed]
  86. Issue Tracker from pre exsisting table [closed]
  87. How to make a implement queue for scheduling tasks in WordPress?
  88. Session destroyed on page redirect
  89. WordPress Plugin [closed]
  90. wp.media javascript issue with on select
  91. Is there a way to test that readme looks in other language before submitting translation?
  92. What are the specifics of WordPress development I need to know? [closed]
  93. Insert data from .sql file in wordpress plugin
  94. WP_Async_Task doesn’t appear to be running asynchronously
  95. jQuery for custom plugin not working with Divi theme
  96. How can I make my metabox appear?
  97. Ajax call returning 0
  98. How can i get the post’s full html source by its ID?
  99. How to set add question capability for author role in wp pro quiz plugin
  100. Consolidate plugin functionality into a theme
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)