admin-ajax.php
is part of the WordPress AJAX API, and yes, it does handle requests from both backend and front. Try not to worry about the fact that it is in wp-admin
. I think that is a strange place for it too, but it is not a security problem in itself. How this relates to “enumerate the admins”, I don’t know.
Related Posts:
- Admin Ajax is returning 0
- wp_verify_nonce vs check_admin_referer
- Securing Admin Accounts – Username Discovery
- is_admin() returns true when using admin-ajax.php from front end script
- How to save dismissable notice state in WP 4.2?
- Allowing admin-ajax.php to receive “application/json” instead of “x-www-form-urlencoded”
- WP List Table custom quick edit box – post meta data missing and columns change on submit
- Conditional check for front-end which includes ajax
- Is it possible to hook AJAX to UPDATE-button?
- Is it safe to post form data via Ajax to the settings api? Am I missing something?
- Help with shortcode in admin-ajax [closed]
- Assuming a theme is properly secured, how save is the WordPress admin?
- Don’t attribute content to admin users
- Restrict function call to page load but not ajax call
- Determining whether it’s a AJAX call from front-end or from back-end
- WordPress ACL (folder + permissions)
- using rewrites to secure login page
- How do I diagnose a plugin resource 404?
- WordPress Brute Force Prevention
- Changing admin user id for database
- WordPress custom admin functions security
- Does deleting the table users prevent all logins?
- Wp ajax not working from “current_screen” admin hook
- Parsing post->ID in included plugin file
- Why does my admin email address keep changing to something random?
- Where to store publicly-accessible files
- How to fix: Clicking ‘Quick Edit’ link in Admin (edit.php) makes posts disappear?
- Where in WP can I check history or log of updates of plugins etc?
- How to Change the Default Home Page for the WordPress Dashboard?
- How do I optimize a custom post type admin page with 25,000 posts?
- How-to make the admin area mobile friendly [closed]
- 3.3: How do you hide the new dashboard welcome panel?
- Should I use is_admin() inside ‘admin_init’ hook callback
- Disable the post save process completely
- How can we customize the logo and some text on the welcome screen?
- How can I send data to admin-ajax via JS Fetch?
- Enqueue jQuery UI Tabs In Admin Area
- Pagination Error on Admin (You do not have sufficient permissions)
- How to Use Resposive Tables in WordPress ADMIN Pages?
- WordPress redirects me to homepage after page update in admin section
- How to publish page that can’t be detected by search engines?
- Custom taxonomy admin page
- How can I activate Collapse Menu in WordPress?
- Help extending custom drag-drop page ordering on admin page list screen
- How do I enable new account notification emails (to the administrator)?
- Change the Default Pages Menu View in wp-admin
- In administration, how do I display comments of a certain user?
- WordPress stripping html and script tags from some admin users on save
- Why are my styles being applied to the admin area?
- How to disable automatic excerpt generation *in admin*?
- Associating custom submenu item with post type of top level menu item
- Two admins in Users and one in the database?
- Single category’s posts list in admin menu
- Editing the Backend Uploader
- Using shared SSL for login/admin
- How to add a custom-post-type post within another custom-post-type post edit screen using AJAX?
- How to add custom classes to admin list table default rows or columns?
- How to hide a specific part of dashboard for non-admin roles?
- WordPress Remove Submenus
- page not updating with database
- Client system for media review?
- Is it secure to use admin-ajax.php in front?
- Seems that admin_post_{action} does not executing
- If statement for admin page
- Customizing WordPress Admin – How to Change the Avatar size
- Create a WordPress administrator without access to back-end
- How to log out from admin or front-end only?
- Shared account / dual blogging in WordPress
- admin_enqueue_scripts not rending JS file correctly
- how to show admin notice in custom menu page after submitting the form?
- Accidentally changed website url
- Private post hidden from Admin too
- Send admin to a different login than users?
- How much traffic is real traffic?
- Getting rid of menu items on a custom taxonomy
- Having problem creating local instance of wordpress site
- WordPress Plugin Admin Tab
- Ajax request sends url rather than data
- Gutenberg UI has changed
- How To Remove Import/Export Option From Tools?
- Highlight active Admin Menu when added though add_menu_page
- Unable to access admin web page
- exclude ID on avatar
- Missing content on website. Admins cant sign in
- Is Post-Form Resubmission somehow prevented in WordPress 4.2.2?
- How to sort post_meta in edit.php?
- Scripts are not called until I login from wordpress backend
- Link to all posts page?
- WP Logs me out after updating anything on dashboard
- Adding additional text fields and image upload to a Page?
- If the only thing I use MySQL for is WordPress, do I need MySQL’s timezone tables?
- plugin to upload to youtube via wordpress [closed]
- My Account Lost Administrator permission
- WordPress admin panel is blank
- Use the wordpress admin table
- deploying a standard build of wordpress in WHM/cPanel
- Add custom css class to wp-list-table row for custom post type
- Custom column with post ID not working in CPT
- AJAX WP_Query’s order and orderby parameters not working
- Modify ‘the_content’ appearance in the admin area