How does admin-ajax.php work?

admin-ajax.php is part of the WordPress AJAX API, and yes, it does handle requests from both backend and front. Try not to worry about the fact that it is in wp-admin. I think that is a strange place for it too, but it is not a security problem in itself. How this relates to “enumerate the admins”, I don’t know.

Related Posts:

  1. Admin Ajax is returning 0
  2. wp_verify_nonce vs check_admin_referer
  3. Securing Admin Accounts – Username Discovery
  4. is_admin() returns true when using admin-ajax.php from front end script
  5. How to save dismissable notice state in WP 4.2?
  6. Allowing admin-ajax.php to receive “application/json” instead of “x-www-form-urlencoded”
  7. WP List Table custom quick edit box – post meta data missing and columns change on submit
  8. Conditional check for front-end which includes ajax
  9. Is it possible to hook AJAX to UPDATE-button?
  10. Is it safe to post form data via Ajax to the settings api? Am I missing something?
  11. Help with shortcode in admin-ajax [closed]
  12. Assuming a theme is properly secured, how save is the WordPress admin?
  13. Don’t attribute content to admin users
  14. Restrict function call to page load but not ajax call
  15. Determining whether it’s a AJAX call from front-end or from back-end
  16. WordPress ACL (folder + permissions)
  17. using rewrites to secure login page
  18. How do I diagnose a plugin resource 404?
  19. WordPress Brute Force Prevention
  20. Changing admin user id for database
  21. WordPress custom admin functions security
  22. Does deleting the table users prevent all logins?
  23. Wp ajax not working from “current_screen” admin hook
  24. Parsing post->ID in included plugin file
  25. Why does my admin email address keep changing to something random?
  26. Where to store publicly-accessible files
  27. How to fix: Clicking ‘Quick Edit’ link in Admin (edit.php) makes posts disappear?
  28. Unknown phantom user “wordpress” created with admin privileges
  29. What are the standard admin CSS id/class tags?
  30. Add custom column to Users admin panel
  31. Add a Separator to the Admin Menu?
  32. How to determine whether we are in add New page/post/CPT or in edit page/post/CPT in wordpress admin?
  33. how to know if admin is in edit page or post [duplicate]
  34. Modal window from within WordPress admin
  35. Where in WP can I check history or log of updates of plugins etc?
  36. Adding a custom admin page
  37. How to remove entire admin menu?
  38. How do I remove dashboard access from specific user roles?
  39. How can I speed up my WP admin section?
  40. How to pass parameters to admin_notices?
  41. Admin: very slow edit page caused by core meta query
  42. if admin is logged in
  43. Search posts by ID in admin
  44. How to Change the Default Home Page for the WordPress Dashboard?
  45. Setting admin edit panels & metaboxes positions and visibility for ALL users and admins
  46. Find out which moderator approved comment?
  47. The website cannot display the page
  48. How To Remove WordPress Version From The Admin Footer
  49. Sort pages in loop by admin’s page attributes order field?
  50. Edit “thank you for creating with WordPress” in version 3.3.1
  51. Hide other users’ posts in admin panel
  52. Set Default Admin Colour For All Users
  53. Editor Styles and Typekit
  54. WordPress admin stylesheet
  55. This CSS Stuffing Works, But Is This A Good Practice?
  56. Is it possible to create a WordPress tour? V3.3.1
  57. How do I optimize a custom post type admin page with 25,000 posts?
  58. Settings API – adding setting fields dynamically?
  59. Disable Media Uploads to non Admin Users
  60. How do I load a CSS style into WordPress admin area only?
  61. WordPress Ajax Data Security
  62. Nonces can be reused multiple times? Bug / Security issue?
  63. Can an admin check passwords of registered users?
  64. How can I target WordPress 3.8 new interface MP6 with CSS?
  65. Notification that the admin is online
  66. Does wordpress create activity, update logs?
  67. sort child pages on admin
  68. How-to make the admin area mobile friendly [closed]
  69. Custom column for changing post status via ajax
  70. How to remove list view from media library?
  71. How to disable the “Your site has updated to WordPress x.y.z” admin email?
  72. Load plugin scripts and styles only on plugin page
  73. Plugin to remove Admin menu items based on user role?
  74. How to obtain the user ID of the current profile being edited in WP-Admin?
  75. 3.3: How do you hide the new dashboard welcome panel?
  76. How can I make an Ajax login form work with FORCE_SSL_ADMIN enabled?
  77. Add my own button next to “Screen options” and “Help” in the admin
  78. How to hide admin account in BuddyPress? (for security reasons)
  79. Settings API – easiest way of validating checkboxes?
  80. Nonces and Cache
  81. Are there any action like ‘init_frontend’
  82. Should I use is_admin() inside ‘admin_init’ hook callback
  83. Custom admin email for new user registration
  84. Send Admin Emails to Multiple Email Addresses
  85. Stop admin-ajax?
  86. How do I set up the defualt page icon for admin menu?
  87. Prevent author from changing their posts if admin has modified
  88. Cannot access admin panel
  89. Make A WordPress Page Accessible To Admins Only, Redirect Other User Roles
  90. Disable all https in WordPress
  91. localhost/wp-admin on my local redirects to production site’s /wp-admin
  92. Is it safe to assume that a nonce may be validated more than once?
  93. How to remove administrator role in settings -> general -> New User Default Role?
  94. Is there a more efficient admin search function/plugin?
  95. Can a users profile be put under the dashboard menu
  96. WordPress Admins or Roles per Page
  97. Styling Shortcodes in Visual Editor
  98. initial sort order for a sortable custom column in admin
  99. Multiple ajax nonce requests
  100. Showing WP_Error message with admin_notice action hook

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)