Blocking admin-ajax.php from outside domain

If the point of the file is to allow the website to asynchronously
post data why would it even be allowed to be accessed directly,
especially from an ip that is not the ip of the site itself?

AJAX requests come from the user’s IP address, not the site’s, because an AJAX request is by definition a request made by the user’s browser.

Would I break things if I blocked all ips that are not my site ip from
POSTing to admin-ajax.php?

Yes, you would break all AJAX requests that use admin-ajax.php, including those used by WordPress core.

I have reCaptcha installed but they are getting past it.

If reCAPTCHA is implemented correctly these direct requests should fail because the server should be validating the CAPTCHA on the server. If you’ve implemented reCAPTCHA yourself you need to make sure this server-side validation is occurring. If you didn’t, then you will need to raise this issue with the developer of the plugin you’re using.

Related Posts:

  1. Ajax form submission from admin panel
  2. How to securely add an Ajax button to a WP Admin page?
  3. wp_remote_get() to get AJAX url /wp-admin/admin-ajax.php
  4. AJAX requests broken due to HTTPS for wp-admin
  5. wp-admin AJAX with Fetch API is done without user
  6. WP Admin AJAX Security – using POST to include a relative URL
  7. WordPress Ajax Not Working ( Custom Admin page)
  8. Why a strange discrepency between get_current_user_id() when using AJAX versus output of document.cookie?
  9. Pass additional parameter with async upload
  10. Use WP admin AJAX url to hide API key
  11. Preprocess submitted data
  12. How to check nonce lifetime value of plugins?
  13. Use AJAX in a WordPress Plugin to Get Data From Custom Database?
  14. admin-ajax.php returns 0 even when the post status code is 200 OK
  15. Can I use application/json content type in WordPress
  16. wordpress admin ajax trash_comment
  17. Ajax call not working anymore
  18. WorddPress website admin part not working correctly – I think ajax/json issue
  19. How modify comments metabox on post edit screen in WordPress?
  20. Weird admin-ajax.php problem
  21. WordPress Get Header and Footer using in Admin Area
  22. get_comments() returns empty array if called through AJAX
  23. WordPress blocking polling request when signed into Admin
  24. Can admin-ajax.php be used for spam purposes? And if yes, how to prevent that?
  25. randomly get 400 error while user is logged in wp_ajax
  26. Google Maps API throws “Uncaught ReferenceError: google is not defined” only when using AJAX
  27. Initialize TinyMCE editor / visual editor after AJAX insert
  28. WP-AJAX vs WP REST API: What to use for requests to the website from outside?
  29. SSL breaks customizer: page isn’t returned from ajax
  30. How to verify nonce from Bulk/Quick Edit in save_post?
  31. How to implement AJAX post navigation into WordPress?
  32. wp_ajax_[service] returning 0
  33. Trying to load content of a post via AJAX
  34. Ajax function returns -1
  35. Problems with creating sortable sections in customizer
  36. Is it OK to use a system cron to trigger a function hooked into the AJAX API
  37. Filter WP user acf field by ajax
  38. Ajax Request not coming back to class
  39. How to make ajax content indexable by search engines?
  40. Conditional action hooks
  41. query vars in url work but not in ajax call
  42. Is it safe to use $_POST directly in my plugin instead of using admin-ajax.php to receive data from ajax?
  43. How to make get_theme_mod work with AJAX in the customizer preview
  44. How to declare a JS variable in an AJAX call
  45. is_page() conditional not working inside an AJAX function
  46. Fatal error: Call to undefined function get_post() with ajax
  47. how to send Ajax request in wordpress backend
  48. wp_create_nonce() in REST API makes user->ID zero
  49. ajax nonce verification failing
  50. Plugin: AJAX query external API to sync to tables
  51. admin-ajax.php ” Missing argument 2″ warning
  52. Update get_pages using ajax on form select change
  53. splitting the URL using jQuery
  54. How do I get reusable blocks via frontend REST API?
  55. Is there builtin way to use protected AJAX endpoint?
  56. How to create an ajax endpoint without js?
  57. WP Ajax never returning any data / calling action
  58. How to load content from many posts on a page, only if needed
  59. Making an ajax request from a different domain
  60. WordPress Settings api data not sanitized if i use ajax
  61. Pagination Using ajax
  62. Ajax call with javascript in post content (not enqueued)
  63. What’s the latest I can hook into wp_ajax_%?
  64. Nonce doesn’t validate in nopriv call
  65. WordPress – admin-ajax.php returns 502 Bad Gateway [closed]
  66. How to use ajax to get multiple outputs?
  67. blocking the admin section (but still using admin-ajax.php)
  68. Admin-ajax.php 400 error in custom theme
  69. Why does check_ajax_referer give a 403 error on https websites?
  70. WordPress is creating nonce as a logged in user but verifying it incorrectly
  71. Hide Load more Ajax button if there is no more users to load or less than the number?
  72. How to get setting from separate file?
  73. wp_ajax action is not run when ajax trigger
  74. Contact form – ajax, wp_mail
  75. Replace link with form to pass variables to javascript / ajax
  76. admin-ajax.php calls fail if referrer is sent with 500
  77. AJAX not working when clicking load more button, when two terms are present in tax_query
  78. AJAX – get_posts for a specific post type returns empty
  79. Admin Ajax always return 0
  80. Ajax call undefined index
  81. Is there a hook that fires after an ajax call?
  82. Dynamic Twitter card images
  83. How to pass value from ajax to php in no conflict mode?
  84. error_log() not working within wp_ajax_{action} handler
  85. Is there a way to add ajax hooks without editing the functions.php file?
  86. Implement AJAX to fetch pages or posts content in a WordPress custom theme
  87. AJAX is not submitting data to database
  88. about load more ajax
  89. Is not using admin-ajax to ajax submissions okay?
  90. Turn a URL into content preview
  91. Deploy Subcategories with Ajax not working
  92. Allow guest to update custom post met using ajax
  93. Simulate a specific page when making AJAX calls
  94. How to load post_meta for custom post type via Ajax
  95. Load more posts with Ajax and masonry
  96. Caching for logged in user and Ajax update
  97. WooCommerce AJAX cross domain add to cart
  98. AJAX function needed (toggle text) [closed]
  99. Call pre_get_posts inside ajax
  100. Access to a data from a response AJAX called in a template file php