I don’t see any is_admin conditional statement which is why you should include it in your snippet so we can properly assess what you are attempting to do outside of the obvious question.
Either way a nonce should be mandatory. That function that receives and processes your AJAX request/response should also verify your nonce to ensure the request is a valid and secure request – even IF the request is originating from the back-end, it still could be insecure or an attempt to exploit the system.
Also look at:
Related Posts:
- Reduce nonce lifespan
- When is it useful to use wp_verify_nonce
- How to get the wpnonce value?
- How can I create a plugin installation link?
- Security checking in meta_box save is reluctant?
- wp_create_nonce function doesn’t work inside a plugin?
- Nonce failing on form submission
- How to add a WordPress Nonce for this form to avoid CSRF
- Nonce failing with second argument
- Unable to update plugins or log out
- wp_verify_nonce fails always
- Is Nonce Verification (CSRF) required for WordPress Custom Bulk User Actions?
- License validate function
- Sanitize $_GET variable when comparing
- Include Minit plugin in theme [closed]
- Plugin for an interactive image? [closed]
- Where can I save plugin data?
- echo get_option in header template
- How to display all functions (hooks, filters, or custom php) used on a page inline
- wp_enqueue_style on template_redirect level?
- Plugin not working & permalink erorr after upgrade to php 7x on Nginx
- Clear out old images, any advice?
- problem with sql query
- Access post title from custom meta box on title change
- How to add a new column with text fields to WooCommerce Cart List?
- How to use filter to disable adding a product to wishlist?
- Running multiple security plugins
- Save user total active time after login in wordpress [closed]
- add_query_arg not work in admin
- Add a “View all” button on WooCommerce product archives pages
- Opening a JQuery modal window on click of a button with a JQuery plugin
- I am trying to make a field show and save from quickedit screen
- Merge tags in multistep Gravity Form?
- Add to array, redirect and display
- How to track analytics with a WordPress site under the same domain as my main site?
- Can I clone plugin folder to another directory so that I don’t have to reinstall them?
- correctness of URL
- Woocommerce: limit user to see only the products he created
- Woocommerce singe product custom gallery output works just on the first slide
- how do I secure my WP website from hackers? [closed]
- How do I set up XAMPP to allow me to download plugins and themes?
- How can I load the css and jquery explicitly for the login screen
- Overriding an Array in a Plugin’s Class/Function from functions.php
- wp_redirect doen’t work
- Canvas | Bouncing balls within a container (with gravity and collisions and background-images on the balls)
- Plugin translation not working on WordPress.org
- PHP if statement with German umlauts [closed]
- Send email with list of active plugins upon activation/deactivation
- OceanWP settings are missing from Add New Post [closed]
- Built a second plugin but it overwrote the first one
- WordPress gtag.js with User ID tracking
- Creating a functionality plugin to edit seriously simple podcasting
- Override plugin class which has namespace
- in source code but I can’t find it in files or plugins
- Historical customisations won’t go away [closed]
- Is it unethical to remove another plugin’s meta keys?
- Disable plugin If slug contains specific word
- How to include a custom field in the woocommerce email?
- get_comments_number() giving wrong results! What are alternatives?
- Plugin temporary files and files to download via FTP
- $pages = get_pages(‘child_of=’.$post->ID); Why arguments are concatenated?
- Why does this code snippet create a critical error on my site? [closed]
- What is the purpose of a companion plugin
- woocommerce search by sku and title ajax
- How to extract a .wp-env.json or composer.json containing plugin versions from a production website?
- jQuery Click event is not fired at all
- WordPress: Add custom add_filter for custom functions
- WordPress Site is Broken, Cannot see wp-admin page [closed]
- Is there a script to collect all hooks and filters provided by a plugin?
- How to manipulate the content within wp_head
- Getting error “Warning: mysql_query(): Can’t connect to local MySQL server through socket ‘FILEPATH/cccatalog-plugin.php on line 1656”
- Change in one place the data about the company, which are placed on several pages
- Programatically upload a file to be stored inside blob field in database, NOT on filesystem
- Woocomerce add info after order email prouct item
- Updating WordPress plugin admin panel footer text
- WordPress super admin login issue. (Automatically logout)
- How do I add a plugin dependency to my customized theme?
- WordPress – source link plugin – how to modify it?
- How WordPress core manage the plugin installation
- Flickering sidebar when scrolling page [closed]
- How to add table class for tables of TinyMCE advanced wordpress plugin? [closed]
- All in One SEO Pack error message
- Shortcode not working – quotes seems strange
- Displaying content based on drop-down menu selection sitewide
- How do I make a shortcode to display the shop name on Dokan?
- Background Music WP [closed]
- How to fix broken media library?
- WordPress failing to update plugins
- Image tooltip enable/disable
- Using custom fields for image alt and title
- DB Query not working in Plugin
- Remove Pagination for Product Category Pages WooCommerce
- Is there a plugin or a way in the wordpress that would let us have different versions of a post or page accessibe to users?
- Error trying to update plugins
- Get all the URLs of the pages that uses a specific shortcode
- WordPress permissions error with admin account
- Deactivation Hook does not remove database
- Looking for Gallery Plugin [closed]
- How to accept images at multiple sizes and aspect ratios and display as standardized image size / ratio?
- Notice: Undefined index: mtral_field_subscriber