My question basically is: are the "back-end" plugins, which in nothing affects the blog front-end, loaded when an anonymous user, for example, browse my blog?
Let's say the EWWW image optmizer, for instance: it just optmize the images, in the back-end. It has a admin interface to optimize the images, but the end-user doesn't use it at all. Still it gets loaded in each page visit?
I'm not sure if I'm making myself clear. Hope so.
As far as I know there is no way to specify a plugin as admin only in the WordPress API. The only plugin types I know about are 'must use', 'network activitate' (for multi user sites) and 'active' so I think an admin plugin will also load in non admin mode. The plugins are loaded in wp-settings.php. I read the code and it seems to me that WordPress doesn't distinguish between admin mode and non-admin mode as far as plugin loading is concerned. The relevant code is:
// Load must-use plugins.
foreach ( wp_get_mu_plugins() as $mu_plugin ) {
include_once( $mu_plugin );
}
unset( $mu_plugin );
// Load network activated plugins.
if ( is_multisite() ) {
foreach ( wp_get_active_network_plugins() as $network_plugin ) {
wp_register_plugin_realpath( $network_plugin );
include_once( $network_plugin );
}
unset( $network_plugin );
}
...
// Load active plugins.
foreach ( wp_get_active_and_valid_plugins() as $plugin ) {
wp_register_plugin_realpath( $plugin );
include_once( $plugin );
}
unset( $plugin );
function wp_get_mu_plugins() {
$mu_plugins = array();
if ( !is_dir( WPMU_PLUGIN_DIR ) )
return $mu_plugins;
if ( ! $dh = opendir( WPMU_PLUGIN_DIR ) )
return $mu_plugins;
while ( ( $plugin = readdir( $dh ) ) !== false ) {
if ( substr( $plugin, -4 ) == '.php' )
$mu_plugins[] = WPMU_PLUGIN_DIR . '/' . $plugin;
}
closedir( $dh );
sort( $mu_plugins );
return $mu_plugins;
}
function wp_get_active_network_plugins() {
$active_plugins = (array) get_site_option( 'active_sitewide_plugins', array() );
if ( empty( $active_plugins ) )
return array();
$plugins = array();
$active_plugins = array_keys( $active_plugins );
sort( $active_plugins );
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file
&& '.php' == substr( $plugin, -4 ) // $plugin must end with '.php'
&& file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist
)
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
return $plugins;
}
function wp_get_active_and_valid_plugins() {
$plugins = array();
$active_plugins = (array) get_option( 'active_plugins', array() );
// Check for hacks file if the option is enabled
if ( get_option( 'hack_file' ) && file_exists( ABSPATH . 'my-hacks.php' ) ) {
_deprecated_file( 'my-hacks.php', '1.5.0' );
array_unshift( $plugins, ABSPATH . 'my-hacks.php' );
}
if ( empty( $active_plugins ) || wp_installing() )
return $plugins;
$network_plugins = is_multisite() ? wp_get_active_network_plugins() : false;
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file
&& '.php' == substr( $plugin, -4 ) // $plugin must end with '.php'
&& file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist
// not already included as a network plugin
&& ( ! $network_plugins || ! in_array( WP_PLUGIN_DIR . '/' . $plugin, $network_plugins ) )
)
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
return $plugins;
}
Of course the easiest way to know for sure is to load a front end page on an WordPress installation with the suspect plugin and using the debugger to check if it loads.
Also, if a plugin was intended for admin use only the plugin author could just have
if ( ! is_admin() ) {
return;
}
at the start of the main plugin file. So the plugin essentially doesn't load.