devgeniem/wp-no-admin-ajax

A WordPress plugin that lightens the WP AJAX routine and directs the requests to front-end rather than admin back-end.

Installs: 17 347

Dependents: 1

Suggesters: 0

Security: 0

Stars: 37

Watchers: 12

Forks: 12

Open Issues: 2

Type:wordpress-plugin

1.0.3 2017-07-17 11:15 UTC

This package is auto-updated.

Last update: 2024-10-20 15:31:56 UTC


README

geniem-github-banner

WP Plugin: No-Admin-Ajax

Latest Stable Version Total Downloads Latest Unstable Version License

A WordPress plugin that changes the WP AJAX routine and rewrites the ajax requests to custom url rather than /wp-admin/admin-ajax.php back-end.

Install

Recommended installation to WP project is through composer:

$ composer require devgeniem/wp-no-admin-ajax

Use cases

  • Rewrite all admin-ajax.php queries into custom url so you can allow /wp-admin/ to only certain IP-addresses.
  • You can use this to confuse bots which might try to use vulnerabilities in admin-ajax.php.

Configuration

Variables

This plugin url is by default /no-admin-ajax/. You can use filters to change it or you can set the default value by yourself by using:

// This turns the no admin ajax url to -> /ajax/
define('WP_NO_ADMIN_AJAX_URL','ajax');

Notice: Value set here can be filtered too, this just sets the starting point for the custom url.

Notice 2: After plugin installation and other changes be sure to refresh your permalinks by just going to Settings > Permalinks > and saving it without any modification.

Hooks & Filters

You can customize the url by using filter no-admin-ajax/keyword.

<?php

// This changes /no-admin-ajax/ -> /ajax/
add_filter( 'no-admin-ajax/keyword', 'my_custom_no_admin_ajax_url' );
function my_custom_no_admin_ajax_url( $ajax_url ) {
    return "ajax";
}

You can run commands before ajax calls by using no-admin-ajax/before or no-admin-ajax/before/{action}

<?php
// Writes log entries after hearthbeat action for debugging
do_action( 'no-admin-ajax/before/heartbeat' , 'my_custom_no_admin_ajax_debug' );
function my_custom_no_admin_ajax_debug() {
    error_log( 'DEBUG | heartbeat action was run by: '.$_SERVER[“REMOTE_ADDR”] );
}