[wp-hackers] wp-admin folder and admin-ajax.php

Gavin Pearce Gavin.Pearce at 3seven9.com
Wed Aug 11 11:18:50 UTC 2010

Hi Westi,

That would still mean pointing to wp-admin/admin-ajax.php though I believe?

Which goes back to the issue of being able to secure the wp-admin folder. Some users, as suggested in the codex, will secure the entire wp-admin folder via IP or htaccess password protection, which would break any front-end AJAX hooking into this.

As a plugin developer, automatic installations would obviously fail in this use-case. 


-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Peter Westwood
Sent: 11 August 2010 11:49
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] wp-admin folder and admin-ajax.php

On 11 Aug 2010, at 10:14, Gavin Pearce wrote:

> Thanks Westi!
> Out of interest then, and in that case - how would you personally best
> handle non-auth, front-end, AJAX (and then having access to the various
> WP instances/classes/DB) without hooking into the WordPress AJAX
> function at admin-ajax.php?
> All the main guides seem to point towards using admin-ajax ...

Sorry I missed this out my response earlier.

For unauthenticated actions use a no_priv action hook.

Line 46 of admin-ajax.php

do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );

Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5

wp-hackers mailing list
wp-hackers at lists.automattic.com

More information about the wp-hackers mailing list