I have a form where some fields are set to be visible to the admin only, but can be manipulated to become visible and allow submission.
Let's say it was an application form that a logged-out user can submit. Within the form is a 'status' field which is set to be visible only to admins (i.e. so that post submission, administrators can log in to change the 'Status' of the application to 'Approved').
However, when logged out, I can use the developer tools to find the hidden field's HTML, change its attributes to un-hide it, then enter 'Approved' and submit the form, and the entry submits as normal INCLUDING the status field containing 'Approved'.
Does anybody know a workaround to prevent this from being possible? I guess it would require some backend validation but ideally I need a function that will apply across all forms so that I don't have to write a new function for every form.
Any assistance is much appreciated, with thanks. James.
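An added example, not part of the original post and not tied to any particular form plugin: one server-side filter, driven by each form's own field definitions, that discards values for admin-only or unknown fields when the submitter is not an administrator. The form definition, field names and the `filter_submission` helper are hypothetical, and the sample request is constructed.

```python
# Added example: framework-neutral sketch; every name here is hypothetical.
ADMIN_ONLY = "admin"    # field may only be written by an administrator
PUBLIC = "public"       # field may be written by anyone who can submit

# Constructed form definition: each field declares who may write it.
APPLICATION_FORM = {
    "name":   {"visibility": PUBLIC},
    "email":  {"visibility": PUBLIC},
    "status": {"visibility": ADMIN_ONLY, "default": "Pending"},
}


def filter_submission(form_def, submitted, is_admin):
    """Return (clean, rejected): the values this submitter may set, and the
    names of fields that were sent but are not writable by this user.

    is_admin must come from the server-side session, never from the request.
    """
    clean, rejected = {}, []
    for name, value in submitted.items():
        field = form_def.get(name)
        if field is None:
            rejected.append(name)        # not part of the form: never stored
        elif field["visibility"] == ADMIN_ONLY and not is_admin:
            rejected.append(name)        # hiding it in the HTML is not a control
        else:
            clean[name] = value
    # Server-side defaults replace anything not accepted from the client.
    for name, field in form_def.items():
        if name not in clean and "default" in field:
            clean[name] = field["default"]
    return clean, sorted(rejected)


# Constructed request body: what arrives after the hidden 'status' input
# has been un-hidden in the browser and filled in, plus one unknown field.
TAMPERED = {"name": "Alice", "email": "alice@example.test",
            "status": "Approved", "is_staff": "1"}

if __name__ == "__main__":
    print(filter_submission(APPLICATION_FORM, TAMPERED, is_admin=False))
    print(filter_submission(APPLICATION_FORM, TAMPERED, is_admin=True))
```

Because the filter reads the form definition rather than hard-coding field names, the same function can run in a single submission hook for every form; the `rejected` list is worth logging, since a non-empty value from a logged-out user indicates a tampered request.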