Useful but extremely dangerous

Yes, the plugin is also usable for non-WP sites.
Maybe I include a blocker for non access via WP.

Hi Frank,

Good that the plugin can also be used for non-WP. But the reason that this plugin is so much less secure than the vanilla, is that it reads the database connection information automatically.

So where a bad guy would have to guess the password as well when using adminer, the adminer-wordpress-plugin does not have this protection.

If the adminer-wp-plugin uses wordpress-specific convenience features to allow access to the database, I think it should also use wordpress-specific protection.

Frank, can you move the is_admin() check to login() in loader.php?

Yes, it is possible. The WP-functions is usable on this part.
I will do this in the next update, maybe today. Sorry – I have so much topics in the last time.

@jakubvrana is_admin() is not so easy usable, only via load from admin.php and I think a better check is for the rights of user, via current_user_can(). In the new version I have inlcude this check to use only if the user is logged in and have enough capability to use your great tool Adminer.

@annoyingmouse: I have include a check for the capability, that check also if the user logged in and dont allow to load the loader without WP. Thanks for important hint!