This is why you use nonces.
$.ajax({
type: "POST",
url: '/wp-admin/admin-ajax.php',
data: { action: 'mail_function', message: 'test', _nonce: <?php echo wp_create_nonce( 'mail_function_' . $post->ID ) ?>},
dataType: "html",
success: function(data) {
}
});
Then in your PHP function:
function my_ajax_mailer() {
if ( ! wp_verify_nonce( $_REQUEST['_nonce'], 'mail_function_' . $post->ID ) )
return;
// send mail...
}
Related Posts:
- Admin ajax request return 0 with die()
- Custom column for changing post status via ajax
- How to make ajax call in wordpress in right way?
- wp-admin – save options without refreshing?
- How to create a wp admin page (for use in an ajax request)
- Redirect users away from Admin breaks ajax
- Ajax solution similar to WP Categories functioning in Admin area
- blocking the admin section (but still using admin-ajax.php)
- Ajax requests from front-end with jQuery Fancybox
- Dismiss Admin Pointer Temporarily
- CPU overload spam – redirect link to wp-admin and new post
- How to prevent spams from admin-ajax.php file?
- adding the category to the admin column for a custom post type?
- Change page title in admin area
- How to filter by post-format in admin?
- sortable custom column in media library
- how do I force a single column layout in screen layout
- Make fonts.com font work in TinyMCE (iframe referrer issue)
- Sortable admin columns, when data isn’t coming from post_meta
- wp_list_table search box does not show
- How to remove the site health dashboard widget?
- Securing wp-admin folder – Purpose? Importance?
- How to Display Post Excerpts in Admin by Default?
- What is the capability that permits access to WP-Admin?
- WordPress in sub directory wp-admin problem
- Admin account only shows Profile and Dashboard with no activity
- Opening specific posts on WP takes lot of time and freezes the editor
- Adding body class to login page?
- Edit a WordPress site without the username and password?
- How to load a CSS file into WordPress admin area using Child Theme? [closed]
- Getting “Cannot modify header information – headers already sent” error, but only on backend
- WordPress admin menu gap when debug mode is enabled?
- Call to undefined function insert_with_markers
- How can I remove the new stats message? [closed]
- Cookie value cannot be read until I’ve logged into the WP admin
- AJAX requests broken due to HTTPS for wp-admin
- How to inhibit dashboard and profile management access to normal users?
- What corrections does this code need?
- Why can’t I exclude private posts from this query?
- Cannot Access Admin Area After Migration
- How to add wordpress blog to Windows 2008 R2 site
- Modify wp-admin page header ‘viewport’ meta data
- WP Admin AJAX Security – using POST to include a relative URL
- WordPress Admin Not Loading All Core Scripts
- The uploaded file exceeds!
- Admin table list API?
- How to change user admin_color with WP CLI?
- Having troubles connecting to WordPress login page using Mamp
- WP Admin/ WP Login Redirect to themselves
- Unable to log in to localhost wp-admin page on XAMPP server
- Missing ‘Move to Trash’ option from bulk select box
- Where can I find admin-header.php file online?
- class-wp-hook.php on line 288
- Trying to get custom js files in my admin header
- How to disable categories/most used in ‘add new post’?
- Why am I locked out of the system?
- Is it possible to create two different wp-admins for a wp website
- Am I able to change the name of /wp-admin/options-general.php?
- how to customize the default #adminmenu in wp-admin
- How to Restrict Access to all wp-admin pages for subscriber users
- WP Admin messed up
- wp-login not found – All usual solutions not working
- Why when I try to access to this old WordPress site it is opened the installation page?
- How do I change the hover (focus) color of admin bar from frontend?
- What do I need for testing a single script in admin
- Wp-Admin extremely slow!
- Run two wordpress on the same domain
- nothing comes up when i go to my website.com/wp-admin? Which files should I look for?
- Programmatically emulate viewing a post in wp-admin
- Do not load the site as soon as you enter the WordPress panel
- How to remove some author fields from the edit comment page in wp-admin?
- When i try to open Localhost/wordpress/wp-admin . An Error appears ” Registration Has been Disabled” . No login page is shown in the browser
- Line-height of text in wp-admin
- Can I use application/json content type in WordPress
- Slow WP loading due to persistent version check, how to disable?
- Can I manage the photos that are pulled from Instagram before they are uploaded?
- do_shortcode() within Admin Page
- How do I edit an add in wp_list_table and return to same page
- admin_post_nopriv_{$action} is secure?
- Form input values are empty after submit
- Adding custom classes to elements via the WYSIWYG
- Locked out of WordPress after changing to HTTPS – Google Cloud VM
- How to make Media Library use HTTPS?
- Why does wordpress and my site create a downloadable file instead of allowing me to login?
- How to Fix WordPress Not Saving Settings?
- wp.media – drag&drop overlay stuck
- How to display status messages in admin panel
- Admin Login Checks
- I cannot go to http://novathon.cloud.reply.eu/wp-admin – always redirected to /wp-login
- Is not using admin-ajax to ajax submissions okay?
- Search plugin form on “Add Plugin” page not working
- Managing advertising code snippets
- admin_url() do not retrieve the correct url in an subdirectory install
- Ajax return 0 in plugin – ajax only used in wp-admin
- Can’t toggle between Visual and Text or Screen Options
- plugin: ‘init’ hook, check if we’re not in admin
- Is there ever a legitimate reason for an outsider to access wp-admin
- Impossible User Registration
- randomly get 400 error while user is logged in wp_ajax
- Https Website: CSS and JS files load in http and admin page does not load too