Is it safe to use admin-ajax.php in the frontend?

See documentation here but don’t miss the note 2 and the following points :

  • AJAX on the front-end is more complicated, ajaxurl is not defined so
    you have to call it with wp_localize_script().
  • you have to use wp_ajax_nopriv_{action} for non logged in users
  • there could be security issue !!!

About the third point :

Be careful because you give access to non logged in users to some data and functions. So you need to ask yourself about what you want to do. It could seem a little bit too much but to me when using AJAX on the front-end of WP you should make $_GET things, only for reading, for example infinite scroll ans stuffs like that, not delete, create and update actions.

Related Posts:

  1. How to load wp_editor via AJAX
  2. How Can I Securely Implement a Password-less Login Feature?
  3. Security and .htaccess
  4. Are there procedures to prevent malicious plugin updates?
  5. How to check plugins for malicious code?
  6. How to properly secure my WordPress installation?
  7. How can I pass a variable to wp_ajax action?
  8. Add image to post from external URL
  9. Where should my plugin POST to?
  10. Security error WP 4.0 + WP phpBB Bridge [closed]
  11. How to add a sub menu with AJAX?
  12. Create Proper WordPress Ajax Request in JavaScript, NOT jQuery
  13. Execute a function using ajax
  14. Problem running Ajax in WordPress
  15. What’s the point of using WordPress’s built in admin-ajax.php?
  16. Questions about brute force attacks on the admin username, coming from amazon IP addresses
  17. How to expire all wordpress user passwords instantly?
  18. How can I reuse the WordPress search form for a custom plugin / widget?
  19. AJAX image upload with a upload progress bar using media_handle_upload
  20. jQuery Plugin to use WordPress functions in AJAX request
  21. Should you escape hardcoded URLs?
  22. Ajax gives 400 error
  23. WordPress Plugin Page is Loading in Admin Content Container Instead of Separate Page
  24. Shortcode button dosent work for all posts. Work for first post only
  25. Simple ajax call not working in wordpress plugin
  26. How to delete Passwrd Protected posts cookies when a user logged out from the site
  27. What’s the best way to implement AJAX in WordPress?
  28. How to put JQuery/Ajax inside shortcode?
  29. __callStatic method handler passed to add_action causes bug in PHP
  30. Upgraded to latest version – 3.0.3 and Now I get a “sufficient permissions to access this page” error
  31. How to block plugin activations with no known user or coming from unknown IP address range?
  32. Check for security updates
  33. Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
  34. Making sure that a plugin’s scripts and stylesheets are included for dynamicaly loaded content
  35. Ajax with plugins returns 0
  36. admin-ajax.php warning max input vars exceeded on layered pop plugins [closed]
  37. Malicious File Upload [closed]
  38. Using AJAX to generate front end / viewer end pages
  39. Malware installation during plugin update?
  40. Post Comments with Ajax in WordPress
  41. Render Modula Plugin Shortcode On Ajax Request
  42. AJAX on Front-End Button Click not working – Custom Plugin
  43. How to handle WordPress Plugin Front-end AJAX Call [duplicate]
  44. AJAX Load more start with x posts
  45. How to protect WordPress from security scanner [closed]
  46. Create WordPress posts from JSON array using plugin in admin
  47. Adding inside wp-plugin jQuery script that receives JSON-formatted data, generated by php-function inside this plugin
  48. WordPress front end AJAX. Return 0 :?
  49. How to do the simplest possible frontend ajax call from a plugin?
  50. Using custom php file for ajax url inside plugin
  51. Asynchronous request in wordpress
  52. How do I localize admin-ajax.php that is used in Ajax Load More – Infinite Scroll?
  53. How to get CPT category checkbox list and show post of selected(multiply) checkboxes via ajax?
  54. Call Ajax URL in Plugin
  55. Calling a class method instantiated by ajax call in wordpress [closed]
  56. Loading by Ajax a plugin that also uses Ajax
  57. WP Insert Post If user refreshes override new post
  58. 404 errors when updating options in admin dashboard
  59. Website Captcha Error: The reCAPTCHA wasn’t entered correctly
  60. How to call php file in theme directory from plugin
  61. Can I disable xml-rpc by setting it to false?
  62. How can I adjust my function so the page editor still loads in the backend?
  63. Help to Create a Simple Plugin to make a post
  64. Error datatable whit ajax
  65. Facing Problem with admin-ajax.php URL – Getting 404 with AJAX call
  66. WP Ajax DB issues
  67. Calling PHP function with AJAX
  68. jQuery Ajax not loading page with ACF fields
  69. How achive serving multiple concurrent Ajax / Rest calls in plugin?
  70. Custom plugin giving: wp-admin/admin-ajax.php 400 (Bad Request)
  71. Overwriting Plugin’s Ajax callback function from theme
  72. admin-ajax.php not working properly on subdomains
  73. My ajax request don´t work and return 0
  74. Redux framework somehow added to my site, can’t locate in plugins
  75. Plugin with AJAX on subdomains causes 404 in console
  76. WordPress update plugin through Dashboard/Plugins displaying error
  77. wp_verify_nonce fails always
  78. Validating values using Settings API?
  79. display user input using ajax in wordpress
  80. Ajax, jQuery and WordPress
  81. Hyperlink to execute PHP
  82. How to get site homepage from plugin?
  83. Contact Form loaded with Ajax
  84. How to load a plugin when doing an Ajax call? [duplicate]
  85. WordPress plugin ajax post parameter
  86. admin panel save option with ajax
  87. Capturing POST data
  88. Pulling Advanced Custom Fields from other pages
  89. Problem with permissions in wp-content/plugins
  90. Response from Php File to Ajax is not getting sent
  91. Plugin Admin Page Ajax-Admin call returning 0, URL set correctly. Implemented localized scripts but did not fix it
  92. Load css classes after using ajax calls
  93. My WP site and password was hacked, what to do? [closed]
  94. How to resolve these findings from security audit
  95. How to make a rest style plugin?
  96. WordPress portfolio pagination on home page
  97. wordpress Ajax success doesn’t return the value
  98. Ajax button “Load more” is not loading correct language version posts for logged out users
  99. Inline AJAX script passing variables to PHP
  100. wordpress admin-ajax bad request 400
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)