I'd like to develop a Wordpress plugin which would add custom database tables as well as pages interacting with these tables (e.g. a form to add new entries, a list of current entries...)

Is there a way to make these pages non-editable, non-deletable (even better, not displaying in the admin panel) so that only the plugin itself is responsible of them?

If not, is there a better solution than implementing these pages through PHP files including wp-load.php or similar?

I'd like to develop a Wordpress plugin which would add custom database tables as well as pages interacting with these tables (e.g. a form to add new entries, a list of current entries...)

Is there a way to make these pages non-editable, non-deletable (even better, not displaying in the admin panel) so that only the plugin itself is responsible of them?

If not, is there a better solution than implementing these pages through PHP files including wp-load.php or similar?

• plugin-development
• pages

• 1 You can use the Rewrite API to create virtual pages, then populate them with whatever content you want. – Pat J Commented Feb 14 at 15:37
• 1 Thanks, I will look into that! – Blipz Commented Feb 14 at 15:46
• What are you trying to achieve with this? The answer will be very different if you just want to make it so someone requires more knowledge then a typical user or if you want to make it so that admin can't modify the pages outside of the plugin. This is actually a pretty complex question with a lot of edge cases. I don't believe that the Rewrite API will get you there, but it could be helpful along your journey. – davidgo Commented Feb 15 at 3:52
• The goal is to make some web content available to users, without it being tampered with in the admin panel. After some testing, I think the Rewrite API with virtual pages is what I need. – Blipz Commented Feb 16 at 14:43

1 Answer 1

(This applies regardless of whether its done in Wordpress or PHP directly, assuming the files and databases can all be connected to by the website owner set up in Apache).

For a typical wordpress setup anything you do within Wordpress or PHP can be bypassed by a Wordpress admin user (think how backup programs like Updraft works). You can make this a lot harder to do and obfusicate it so your typical Wordpress user can't find or access the pages. Once you have the ability to log in to Wordpress as an administrator you can create/find a plugin that can do arbitrary things as that user and Wordpress can't prevent this.

In order to do this properly you would need to have the PHP code running as a different user and either a separate database or user restrictions on who can access the tables.

If you want to just make it so that the typical user can't modify these pages or find them in the admin panel then that is a lot simpler and is doable.