Is it safe to use admin-ajax.php in the frontend?

See documentation here but don’t miss the note 2 and the following points :

  • AJAX on the front-end is more complicated, ajaxurl is not defined so
    you have to call it with wp_localize_script().
  • you have to use wp_ajax_nopriv_{action} for non logged in users
  • there could be security issue !!!

About the third point :

Be careful because you give access to non logged in users to some data and functions. So you need to ask yourself about what you want to do. It could seem a little bit too much but to me when using AJAX on the front-end of WP you should make $_GET things, only for reading, for example infinite scroll ans stuffs like that, not delete, create and update actions.

Related Posts:

  1. Custom plugin giving: wp-admin/admin-ajax.php 400 (Bad Request)
  2. Frontend AJAX Request causes Error: ‘Call to undefined function add_action’
  3. Overwriting Plugin’s Ajax callback function from theme
  4. 504 Timeout gateway when trying to pay for an order in Woocommerce. What else can I do?
  5. Ajax Load More on Hierarchical Categories
  6. cURL do not mimic click
  7. admin-ajax.php not working properly on subdomains
  8. Help with customising love it plugin (use within foreach)
  9. My ajax request don´t work and return 0
  10. Ajax call fails and returns [object Object]
  11. WordPress environment not loading properly
  12. Redux framework somehow added to my site, can’t locate in plugins
  13. wordpress ajax pagination object value does not change
  14. Plugin with AJAX on subdomains causes 404 in console
  15. WordPress update plugin through Dashboard/Plugins displaying error
  16. Creating new option (add_option) from AJAX – Settings API
  17. How can I use wp_ajax_response for front-end error reporting?
  18. WordPress Feedback popup with date saved into table
  19. How to limit each front-end user to view just his own uploaded files on Amazon S3?
  20. Not getting result using ajax on wordpress
  21. Being hacked. Is there a list of WordPress security holes I can check against?
  22. wp_verify_nonce fails always
  23. Javascript not working
  24. Ajax specific template not loading in replacement of index.php
  25. WordPress ajax not working in registration
  26. AJAX login without a plugin does not work. when add a action to function.php
  27. How can i see/log all requests coming from a registration form (not from the UI)?
  28. Write mysql credentials in plugin
  29. Site is continuously accessing by several IPs
  30. Ajax return 0 in plugin – ajax only used in wp-admin
  31. What’s the preferred method of writing AJAX-enabled plugins?
  32. AJAX doesn’t pass variables to the php function in the plugin
  33. using jquery serialize in ajax operation for plugin
  34. ajax request not returning the result
  35. Validating values using Settings API?
  36. using .htaccess only for wordpress security no plugins
  37. How do I convince this button to do something when it is clicked?
  38. Like/Dislike Bar not working when updating
  39. SWF in wordpress post
  40. display user input using ajax in wordpress
  41. Ajax, jQuery and WordPress
  42. Plugin constructor called multiple times
  43. Hyperlink to execute PHP
  44. How to get site homepage from plugin?
  45. Contact Form loaded with Ajax
  46. How to load a plugin when doing an Ajax call? [duplicate]
  47. Ajax Not Working If The Handler is Located Outside Plugin Submenu Page Function
  48. Build and ajax plugin not work
  49. Unwanted Links and Spam WordPress Pages and Posts
  50. WordPress plugin ajax post parameter
  51. admin panel save option with ajax
  52. Capturing POST data
  53. My AJAX API plugin isn’t working
  54. ajax sends data to plugin
  55. Pulling Advanced Custom Fields from other pages
  56. Problem with permissions in wp-content/plugins
  57. Trouble After Update, Removing Plugin
  58. Trouble Removing Plugin [closed]
  59. Response from Php File to Ajax is not getting sent
  60. Help me with my first very basic plugin
  61. Plugin Admin Page Ajax-Admin call returning 0, URL set correctly. Implemented localized scripts but did not fix it
  62. How to change response of admin-ajax request?
  63. File permissions for wp-minify plugin
  64. Ajax not working for logged in users
  65. Load css classes after using ajax calls
  66. What is the recommended way to be notified of security updates to my plugins? [closed]
  67. My WP site and password was hacked, what to do? [closed]
  68. How to resolve these findings from security audit
  69. Advanced Ajax Page Loader and Masonry Grid
  70. How to create load more button without a plugin?
  71. How to make a rest style plugin?
  72. WordPress portfolio pagination on home page
  73. How I can hide my wp folders from Inspect Element (Developer Tools)
  74. How to Find WordPress site has backdoor login Codes
  75. How to delete Password Protected posts cookies when a user logged out from the site
  76. wordpress Ajax success doesn’t return the value
  77. Jquery post responses 500 error after some time and lastly an 503 error
  78. Ajax button “Load more” is not loading correct language version posts for logged out users
  79. How to rename files during upload to a random string?
  80. Ajax Called in Plugin php file
  81. Ajax Load More stopped working (Plugin with repeater template, shows hidden Button)
  82. How do I call an action hook into wp_ajax hook callback function
  83. Inline AJAX script passing variables to PHP
  84. Select posts from list and add them in a new list
  85. wordpress admin-ajax bad request 400
  86. Stop the user if login from the cookies
  87. WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
  88. Block Root REST API Route using custom &/or iThemes
  89. Is it a good idea to restrict the REST API
  90. WordPress.Security.NonceVerification.Recommended
  91. I am trying to add form using ACF plugin and acf_form() function, but my user fields dont show up properly
  92. Secure way to add JS Script to WordPress filesystem
  93. Not applying update field (acf) in my plugin
  94. How to get wp_editor field content when it is inside a Form?
  95. What is the best way to ignore wordpress administration using add_filter($title) also when Ajax request
  96. Bullet proofing a server with 150 WP insallations
  97. Ajax response from Media Selection does not update ALL information more than once
  98. Code Snippets security when selecting “only run on front end”
  99. Simple ajax request with Vanilla JS keeps given 400 Bad Request
  100. How to ajaxify all pages of my Wp Site
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)