How does admin-ajax.php work?

admin-ajax.php is part of the WordPress AJAX API, and yes, it does handle requests from both backend and front. Try not to worry about the fact that it is in wp-admin. I think that is a strange place for it too, but it is not a security problem in itself. How this relates to “enumerate the admins”, I don’t know.

Related Posts:

  1. Admin Ajax is returning 0
  2. wp_verify_nonce vs check_admin_referer
  3. Securing Admin Accounts – Username Discovery
  4. is_admin() returns true when using admin-ajax.php from front end script
  5. How to save dismissable notice state in WP 4.2?
  6. Allowing admin-ajax.php to receive “application/json” instead of “x-www-form-urlencoded”
  7. WP List Table custom quick edit box – post meta data missing and columns change on submit
  8. Conditional check for front-end which includes ajax
  9. Is it possible to hook AJAX to UPDATE-button?
  10. Is it safe to post form data via Ajax to the settings api? Am I missing something?
  11. Help with shortcode in admin-ajax [closed]
  12. Assuming a theme is properly secured, how save is the WordPress admin?
  13. Don’t attribute content to admin users
  14. Restrict function call to page load but not ajax call
  15. Determining whether it’s a AJAX call from front-end or from back-end
  16. WordPress ACL (folder + permissions)
  17. using rewrites to secure login page
  18. How do I diagnose a plugin resource 404?
  19. WordPress Brute Force Prevention
  20. Changing admin user id for database
  21. WordPress custom admin functions security
  22. Does deleting the table users prevent all logins?
  23. Wp ajax not working from “current_screen” admin hook
  24. Parsing post->ID in included plugin file
  25. Why does my admin email address keep changing to something random?
  26. Where to store publicly-accessible files
  27. How to fix: Clicking ‘Quick Edit’ link in Admin (edit.php) makes posts disappear?
  28. Where in WP can I check history or log of updates of plugins etc?
  29. How to Change the Default Home Page for the WordPress Dashboard?
  30. How do I optimize a custom post type admin page with 25,000 posts?
  31. How-to make the admin area mobile friendly [closed]
  32. 3.3: How do you hide the new dashboard welcome panel?
  33. Should I use is_admin() inside ‘admin_init’ hook callback
  34. Disable the post save process completely
  35. How can we customize the logo and some text on the welcome screen?
  36. How can I send data to admin-ajax via JS Fetch?
  37. Enqueue jQuery UI Tabs In Admin Area
  38. Pagination Error on Admin (You do not have sufficient permissions)
  39. How to Use Resposive Tables in WordPress ADMIN Pages?
  40. WordPress redirects me to homepage after page update in admin section
  41. How to publish page that can’t be detected by search engines?
  42. Custom taxonomy admin page
  43. How can I activate Collapse Menu in WordPress?
  44. Help extending custom drag-drop page ordering on admin page list screen
  45. How do I enable new account notification emails (to the administrator)?
  46. Change the Default Pages Menu View in wp-admin
  47. In administration, how do I display comments of a certain user?
  48. WordPress stripping html and script tags from some admin users on save
  49. Why are my styles being applied to the admin area?
  50. How to disable automatic excerpt generation *in admin*?
  51. Associating custom submenu item with post type of top level menu item
  52. Two admins in Users and one in the database?
  53. Single category’s posts list in admin menu
  54. Editing the Backend Uploader
  55. Using shared SSL for login/admin
  56. How to add a custom-post-type post within another custom-post-type post edit screen using AJAX?
  57. How to add custom classes to admin list table default rows or columns?
  58. How to hide a specific part of dashboard for non-admin roles?
  59. WordPress Remove Submenus
  60. page not updating with database
  61. Client system for media review?
  62. Is it secure to use admin-ajax.php in front?
  63. Seems that admin_post_{action} does not executing
  64. If statement for admin page
  65. Customizing WordPress Admin – How to Change the Avatar size
  66. Create a WordPress administrator without access to back-end
  67. How to log out from admin or front-end only?
  68. Shared account / dual blogging in WordPress
  69. admin_enqueue_scripts not rending JS file correctly
  70. how to show admin notice in custom menu page after submitting the form?
  71. Accidentally changed website url
  72. Private post hidden from Admin too
  73. Send admin to a different login than users?
  74. How much traffic is real traffic?
  75. Getting rid of menu items on a custom taxonomy
  76. Having problem creating local instance of wordpress site
  77. WordPress Plugin Admin Tab
  78. Ajax request sends url rather than data
  79. Gutenberg UI has changed
  80. How To Remove Import/Export Option From Tools?
  81. Highlight active Admin Menu when added though add_menu_page
  82. Unable to access admin web page
  83. exclude ID on avatar
  84. Missing content on website. Admins cant sign in
  85. Is Post-Form Resubmission somehow prevented in WordPress 4.2.2?
  86. How to sort post_meta in edit.php?
  87. Scripts are not called until I login from wordpress backend
  88. Link to all posts page?
  89. WP Logs me out after updating anything on dashboard
  90. Adding additional text fields and image upload to a Page?
  91. If the only thing I use MySQL for is WordPress, do I need MySQL’s timezone tables?
  92. plugin to upload to youtube via wordpress [closed]
  93. My Account Lost Administrator permission
  94. WordPress admin panel is blank
  95. Use the wordpress admin table
  96. deploying a standard build of wordpress in WHM/cPanel
  97. Add custom css class to wp-list-table row for custom post type
  98. Custom column with post ID not working in CPT
  99. AJAX WP_Query’s order and orderby parameters not working
  100. Modify ‘the_content’ appearance in the admin area

Leave a Comment