Do I require the use of nonce?

I think required would mean that “it doesn’t work without it”. It will work, but the question is of security and best practices. Even if it doesn’t seem necessary, it’s better to play in the safe side and do it always.

You have to enqueue your JavaScript like bellow, passing PHP values (like the admin Ajax URL and the nonce) with wp_localize_script.

function enqueue_wpse_114600() 
{
    wp_register_script( 
         'my-ajax' // Handle
        , get_template_directory_uri() . '/js/ajax.js'
        , array( 'jquery' ) 
    );   
    wp_enqueue_script( 'my-ajax' );    
    wp_localize_script( 
         'my-ajax', // Handle
         'my_ajax', // Object name
         array( 
             'ajaxurl'     => admin_url( 'admin-ajax.php' ),
             'ajaxnonce'   => wp_create_nonce( 'ajax_validation' ) 
        ) 
    );
}

The JS would be like bellow, accessing the passed values with the Object Name, in this case my_ajax.any_value_you_passed.

jQuery( document ).ready( function( $ ) 
{ 
     var data = {
         action: 'countHits',
         security: my_ajax.ajaxnonce
     };   
     $.post( 
         my_ajax.ajaxurl, 
         data,                   
        function( response ) {
            if( !response.success )
            {
                // No data came back, maybe a security error
                if( !response.data ) console.log( 'AJAX ERROR: no response' );
                else console.dir( response.data.error );
            }
            else console.dir( response.data );
        }
     ); 
});

And in your Ajax action, check for the nonce with check_ajax_referer and use the functions wp_send_json_* that to send the result back (be a simple true or complex objects). 

function countHits()
{
    check_ajax_referer( 'ajax_validation', 'security' );
    $ok = something();
    if( !ok )
        wp_send_json_error( array( 'error' => __( 'Not ok.' ) ) );
    else
        wp_send_json_success( $ok );
}

Related Posts:

  1. Security – Ajax and Nonce use [closed]
  2. Problem with WordPress Ajax form
  3. wp_insert_post() is returning the correct post ID, no failure, but the post content does not get updated
  4. How to test nonce with AJAX – Plugin development
  5. WordPress ajax doesn’t display object method on jQuery .change() function
  6. Why ajax doesn’t work on certain wordpress hooks and reload the page instead?
  7. adjust section according to country?
  8. Execute Jquery when a specific page in my plugin is loading
  9. Ajax on the Administration Side of plugin – wp_localize_script – how to pass value from JQuery to PHP function in class?
  10. Input field duplicates on form submit by jQuery
  11. defined (‘ABSPATH’) false after AJAX post to other PHP-file
  12. getJSON response to PHP
  13. ajax problems on loading page [closed]
  14. Can I use the same nonce for multiple requests on the same page?
  15. Retrieve POST data from AJAX call
  16. Detect a focus on wp_editor
  17. How to use wp_localize_script in a WordPress page other than functions.php?
  18. Real time Duplicate title check
  19. Load custom field value into div with AJAX
  20. Jquery ajax to custom php file: returning blank data
  21. Update WordPress Custom Field with AJAX on cached page
  22. Looking for a better way to handle an ajax script that pulls in post data on click
  23. Display notification only once
  24. Access/update database with jQuery
  25. Passing jQuery value using Ajax to a page template
  26. Returning a value from a PHP page
  27. Why is this Ajax not working?
  28. Stumped – Ajax Response Returns 0
  29. Colorbox ajax loading of outside HTML content works perfect on localhost but not on server
  30. doing an ajax request always outputs 0
  31. Woocommerce add to cart quantity buttons with AJAX
  32. class click counter save number
  33. AJAX request status 200 but no actual “response”
  34. wordpress count link clicks by ip address
  35. ajax, right way to do it and make it works?
  36. Ajax load more posts with multiple tax query
  37. WordPress Sending data to Ajax with select option
  38. Ajax request not sending to server and returning – wp-admin/admin-ajax.php 400
  39. Save Search System
  40. populate form fields in a loop with ajax
  41. dynamic dependent select dropdown
  42. Are nonces in WP REST API optional by default?
  43. How to send Ajax request from my plugin in admin dashboard?
  44. Setting value of session with Ajax not working
  45. AJAX success response is not working but it’s saving my changes
  46. Plugins not working on AJAX requests
  47. How to disable controls in theme customizer?
  48. How do I Import / Upload Files with jQuery AJAX?
  49. WordPress Ajax Call inserting data but success response false
  50. Ajax contact form return 0
  51. Unset session variable on page reload / setup but exclude AJAX
  52. Using data sent via AJAX in multiple functions on a WP plugin
  53. Function won’t run onclick using Ajax
  54. My jQuery Ajax form submit is still refreshing page?
  55. jQuery Ajax PHP function call returning [object Object]
  56. How to use the wpsnonce clone post link?
  57. Removed jQuery script from header.php , any problems?
  58. Submit form to db
  59. what does $options = get_option(‘test_theme’); do?
  60. Change Query Arguments (filter) with jQuery/Ajax or PHP?
  61. How to load previous or next attachment with jquery ?
  62. Validating an email input from form field before submit using JQuery, AJAX, and PHP
  63. WordPress cascading dropdown selection search based on Parent Page & Child Page
  64. Tracking Visitor LatLng with WordPress using JS, PHP. How to put data which was extract using JS into DB
  65. jquery & ajax getting data from php in wordpress . admin-ajax.php returns 400
  66. Failed to load resource: the server responded with a status of 500 (Internal Server Error) through wp_admin_ajax.php
  67. Settings API form – submit with AJAX
  68. Ajax filter with loadmore button
  69. Admin-ajax.php 404 error
  70. How to pass values from one function to the other using an array variable
  71. Update $wpdb query with AJAX
  72. custom mailchimp form using HTTP API
  73. AJAX to add to cart multiple products woocommerce
  74. wp_set_object_terms returns 500 error when called through AJAX function
  75. How can i send id of the currently posted form data through json response in custom wordpress plugin?
  76. Cannot successfully execute AJAX script to call function.php specific function. Using XAMPP localhost to test
  77. WordPress ajax filter returning all posts when it should be filtering by category
  78. How can i get the same ajax result using WP REST API instead of admin-ajax?
  79. Remove item from post_meta array via AJAX
  80. AJAX Filter WHILE Loop not working WordPress
  81. WordPress 404 when using AJAX to call php function
  82. wordpress ajax pagination
  83. WordPress AJAX load post metadata in modal
  84. Why I’m Not Having Access to “$_POST” Data Outside My AJAX Callback?
  85. Submitting my form to the database and then redirecting to payment site
  86. Pass the updated value of aid from form using ajax
  87. 500 (Internal Server Error) of external php file
  88. Use jQuery and AJAX to get HTML
  89. Adding instant search to wordpress page
  90. How to get site homepage from plugin?
  91. Dynamic Gallery
  92. Using Nonce for my Form
  93. Loading a post’s content, into a div outside the loop, when it’s title is selected in a list
  94. AJAX & PHP | Call a specific PHP function from a PHP file via AJAX?
  95. Cookie not created in AJAX request
  96. Why not showing all post by default in my jquery filter
  97. Jquery autosave text area after typing
  98. Pass a PHP variable (loop-audio.php) to jQuery function (js/script.js)
  99. notify users when changed database
  100. How to pass and validate nonce in custom REST routes

Leave a Comment