Properly applying nonce to a form using AJAX

You just need to send the nonce along with your AJAX data:

$.ajax({
    type: 'POST',
    url : profile_edit.ajaxurl,
    data: $('#profile_update').serialize() +
        '&my_nonce=" + profile_edit.nonce +
        "&action=update_profile_post', // don't forget the action name!
});

Alternatively, since you’re using jQuery’s serialize() function, you could just add the nonce directly in the form:

<?php wp_nonce_field( 'update_profile_validation', 'my_nonce' ); ?>

Then since you’re doing AJAX, you’d use check_ajax_referer() to verify the submitted nonce:

function update_profile_post() {
    check_ajax_referer( 'update_profile_validation', 'my_nonce' );
    // ... the rest of your code.
    wp_die();
}

Check the WordPress developer site here for more details.

Additionally, I’d use two functions instead of calling the same update_profile_post() from the form and the AJAX callback. Something like this would do:

function ajax_update_profile_post() {
    check_ajax_referer( 'update_profile_validation', 'my_nonce' );

    // call update_profile_post() with submitted parameters
    // or call wp_update_post() directly

    wp_die();
}
add_action( 'wp_ajax_update_profile_post', 'ajax_update_profile_post' );

function update_profile_post( $args ) {
    // call wp_update_post( $args ) here
    // or just call wp_update_post() directly in your form
}

Also, the REST API offers a more structured and predictable way to interact with your site, so you should consider using the API to handle your AJAX actions. In fact, there’s an existing endpoint for updating a post. 🙂

UPDATE

  1. If you haven’t, check out the AJAX guide on the WordPress’ plugin handbook. You’ll get more information there that I didn’t include in this answer. 🙂

  2. About that // don't forget the action name!, it just means that you need to send the action name along with the AJAX data so that WordPress knows which function should be called, which is the above ajax_update_profile_post() or the update_profile_post() as in the question. And if you didn’t send the action name, then you’d likely get the famous 400 Bad Request error with the output 0 (which is why the REST API is better since it can tell you the exact error).

    And by action name, I’m referring to the <action> part as in wp_ajax_<action>, which in the question is update_profile_post.

  3. Are we missing a wp_ajax_no_priv action?” — Yes, if you’re allowing non-authenticated users (or those who’re not logged in) to use the form.

Related Posts:

  1. Where and how to put inline js in pages
  2. Does WordPress Development Mode Exist (with not minified JS)?
  3. Apply jquery script to only woocommerce product pages and categories
  4. Run Product Filter Javascript On Page Template
  5. Enqueuing External Javascript functions.php
  6. How to enqueue JavaScript for specific WordPress pages only?
  7. Defer all js except certain ones in functions.php file
  8. Enqueuing Script in functions.php vs on the page
  9. Clean-up script tags
  10. Search user metadata with checkboxes via ajax (almost working)
  11. wp_enqueue JavaScript in child-theme (ReferenceError) using Search & Go
  12. Why is my Gutenberg block returning an error after initial save?
  13. jquery won’t load in footer
  14. How to properly add NPM packages and integrate them in WordPress?
  15. How to filter a table in post content without plugins? [closed]
  16. Get Current User info using wp_localize_script, in functions.php
  17. How to get the post_name when in preview?
  18. Replace menu links with # and add name to its li
  19. wp_is_mobile dequeue not working
  20. Why won’t my scripts load?
  21. Loading CDN that requires jQuery in WordPress
  22. How to hide unused profile fields?
  23. wp_register_script(… $in_footer = true) not working
  24. Scripts not appending to element in AJAX call – why?
  25. call of javascript function to external url always blocked by cors
  26. Including a specific Javascript Script in a template. Is my code correct?
  27. How to search using ajax for exact phrase or words in an input field?
  28. how to en-queue jQuery to load before the tag
  29. Overwriting the menu break points of twentysixteen in child theme
  30. How do I remove the date and category form my portfolio pages
  31. I can’t enqueue my scripts – They literally aren’t being added to my site
  32. Javascript function not working when placed in Text Block
  33. I have problems with loading javascripts
  34. wp_nonce_field is breaking form for reasons unknown
  35. Adding javascript to functions.php causes problems with my template
  36. Dequeue script to prevent javascript event conflict on wordpress child theme
  37. javascript and css links not working on sever
  38. Run a jquery script on on a certain template page
  39. Enable right click on WordPress site
  40. The correct way to add a JavaScript in the functions.php [closed]
  41. Javascript not loading after the document ready
  42. Theme JS is available but theme CSS isn’t
  43. Auto scroll to id on page load on all pages except home page. Only do this on mobile
  44. Need help with customalert that it would read on a normal page, but not in WordPress
  45. How to load jQuery in TOP of wp_footer?
  46. Include Jquery libraries in wordpress theme?
  47. Linking Javascript in functions.php file
  48. Dequeue scripts in IE7 only using functions.php
  49. Why a SlideShow (made using JQuery FlexSlider) can’t work if I load it form functions.php but work if I load it from my footer.php file? [closed]
  50. Creating multiple category drop down
  51. Creating a custom wordpress widget and stopping js from running twice(once in active widget once in widget selector)?
  52. How to setup a popup registeration page in wordpress with function.php
  53. Custom attributes to javascript tags
  54. wp_enqueue_script() not working
  55. How to change text color depending on the number value (Using javascript)
  56. Add custom taxonomy using JS in post editor
  57. wp_set_object_term via js btn frontend
  58. Display Script in Header When URL Variable Present
  59. Running javascript without hooking wp_head
  60. Ajax in plugin fails – but only on one blog – no idea why
  61. How to add javascript code into Divi child theme?
  62. Changing the default view of “The Events Calendar” for mobile
  63. Override plugin function to show invoices even if not logged in
  64. How To Display Author Popup on Entry Meta (Genesis Framework)?
  65. Help wiht adding fullcalendar.io to a WordPress page
  66. Multiple Notifications SetInterval
  67. Get child-pages slugs of current page into js-file
  68. admin-ajax.php & my wp-admin folder url showing in header
  69. Some code is added automatically to my site’s header – what is it?
  70. wordpress ajax is not working for dropdown selection
  71. Javascript and Stylesheet in child page
  72. Automatic add space if user enters number(any digit)
  73. Search and Replace Script Loader in Head Only Works in Footer
  74. custom post with loading script per single post
  75. Why are some custom javascript files working but some are not
  76. WordPress Javascript Widget jQuery Dependency Issue
  77. java script error Uncaught SyntaxError: Unexpected token ILLEGAL
  78. How do I get my nav menu to show sub pages?
  79. Why wp_ajax hooks doesn’t work?
  80. new to javascript – using in instead of functions.php, not loading correctly
  81. comment_post function with js not running
  82. Animated Accordion [closed]
  83. Get all users from role and add to dropdown (select) – wordpress, javascript
  84. Can’t find function which is called in a wordpress theme
  85. dynamically import array from another js file in WordPress
  86. WordPress enque the same script causes the setInterval not to work
  87. iOS and ajaxComplete
  88. opening links in new tab using – add_filter( ‘the_content’, ‘make_clickable’);
  89. Set default options for inserting media
  90. Session is not starting
  91. Display trackbacks separately from comments in twentyeleven
  92. Selective Product Category for Carousel
  93. How to change login labels
  94. error in getting post id
  95. Get urls of images in a gallery?
  96. A better way to get stats
  97. Get URLs for AJAX Filter Checkboxes WordPress
  98. Error function main() is a non-object to construct my Ajax.php
  99. Help with my first Metabox helper class
  100. Remove Disqus JavaScript from homepage
techhipbettruvabetnorabahisbahis forumutaraftarium24eduedueduedueduseduedueduedusedus