diff --git a/admin/js/admin.js b/admin/js/admin.js
index c6d0073a..509ab1c4 100644
--- a/admin/js/admin.js
+++ b/admin/js/admin.js
@@ -196,7 +196,8 @@
 url: wpdc.ajax,
 type: 'post',
 data: {
- action: 'wpdc_view_logs_metafile'
+ action: 'wpdc_view_logs_metafile',
+ nonce: wpdc.nonce
 },
 success: function(response) {
 if (response.success) {
@@ -208,7 +209,7 @@
 $logControls.find('.button.download-logs').on('click', function() {
 var xhr = new XMLHttpRequest();
- xhr.open('POST', wpdc.ajax + '?action=wpdc_download_logs', true);
+ xhr.open('POST', wpdc.ajax + `?action=wpdc_download_logs&nonce=${wpdc.nonce}`, true);
 xhr.onload = function() {
 if (xhr.readyState === 4 && xhr.status === 200) {
 var blob = new Blob([ xhr.response ], { type: 'application/zip' });
diff --git a/admin/log-viewer.php b/admin/log-viewer.php
index 32c4d0ae..aaba6b53 100644
--- a/admin/log-viewer.php
+++ b/admin/log-viewer.php
@@ -109,7 +109,7 @@ public function setup_log_viewer( $file_handler = null ) {
 }
 $handler_enabled = $this->file_handler->enabled();
- $this->enabled = ! empty( $this->options['logs-enabled'] ) && $handler_enabled;
+ $this->enabled = ! empty( $this->options['logs-enabled'] ) && $handler_enabled;
 if ( $this->enabled ) {
 $this->setup_logs();
@@ -254,8 +254,14 @@ function ( $result, $log_file ) use ( $file_handler ) {
 * Return log file contents for selected key.
 */
 public function log_file_contents() {
- // See further https://github.com/WordPress/WordPress-Coding-Standards/issues/869.
- if ( ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'admin-ajax-nonce' ) || ! isset( $_POST['key'] ) ) {
+ if ( ! current_user_can( 'manage_options' ) ||
+ ! isset( $_REQUEST['nonce'] ) ||
+ ! wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'admin-ajax-nonce' ) ) {
+ wp_send_json_error();
+ return;
+ }
+
+ if ( ! isset( $_POST['key'] ) ) {
 wp_send_json_error();
 return;
 }
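Review bot: The new `xhr.open` line splices `wpdc.nonce` into the query string unencoded and builds the URL half by `+` concatenation, half by template literal; the value comes from the page config and should be encoded like any other parameter, e.g. ``xhr.open('POST', `${wpdc.ajax}?action=wpdc_download_logs&nonce=${encodeURIComponent(wpdc.nonce)}`, true);``. Separately, the `onload` handler below accepts any 200 response as a zip: as far as the PHP hunks in this commit show, a refused `download_logs` request answers with `wp_send_json_error()` and no explicit status, so the JSON error body would be saved to disk as a broken archive unless the client inspects the response type or the server returns a non-200 status. The click handler's body continues outside the hunk.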
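Review bot: The capability-plus-nonce guard added at the top of `log_file_contents` is repeated verbatim in `meta_file_contents` and `download_logs` in the following hunks, so a future change to the capability or the nonce action has to be made in three places; extract it into one private helper and call it from all three. While doing so, give the failure response an HTTP status (`wp_send_json_error( null, 403 )`; the status argument exists since WordPress 4.7) so that admin.js, whose `xhr.status === 200` check otherwise treats a refused download as a zip, can tell a rejection from a success. The `return;` after `wp_send_json_error()` is unreachable in normal operation because that function ends with `wp_die()`; harmless, but it can be dropped. The rest of `log_file_contents`, including what is done with `$_POST['key']`, lies outside the hunk.
```php
/**
 * Authorize an admin-ajax request for the log viewer.
 *
 * The caller must hold the 'manage_options' capability and present a valid
 * 'admin-ajax-nonce' nonce in the request.
 *
 * @return bool True when the request may proceed.
 */
private function verify_ajax_request() {
	return current_user_can( 'manage_options' )
		&& isset( $_REQUEST['nonce'] )
		&& wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'admin-ajax-nonce' );
}

public function log_file_contents() {
	if ( ! $this->verify_ajax_request() ) {
		wp_send_json_error( null, 403 );
	}

	// … unchanged: $_POST['key'] check and file read …
```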
@@ -281,6 +287,13 @@ public function log_file_contents() {
 * Return log meta file contents.
 */
 public function meta_file_contents() {
+ if ( ! current_user_can( 'manage_options' ) ||
+ ! isset( $_REQUEST['nonce'] ) ||
+ ! wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'admin-ajax-nonce' ) ) {
+ wp_send_json_error();
+ return;
+ }
+
 $metafile_contents = $this->build_metafile_contents();
 $response = array(
@@ -294,6 +307,13 @@ public function meta_file_contents() {
 * Download bundled log files.
 */
 public function download_logs() {
+ if ( ! current_user_can( 'manage_options' ) ||
+ ! isset( $_REQUEST['nonce'] ) ||
+ ! wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'admin-ajax-nonce' ) ) {
+ wp_send_json_error();
+ return;
+ }
+
 $log_files = $this->file_handler->list_files();
 $date_range = $this->build_date_range( $log_files );