Security to delete post by Admin

At first, read something about WordPress Ajax API and about Roles and Capabilities – capability to “edit_posts” has even Contributor. I would suggest to check for ‘delete_others_posts’ to prove the user is at least Editor. Or use capability of ‘manage_options’ (has Administrator, not Editor).

Further, there is a check ajax referer function for you to help prevent entries from outside your website. Read more about nonces also.

Here is an example from the codex on using nonces when in AJAX:

In your main file, set the nonce like this: 

<script type="text/javascript">
jQuery(document).ready(function($){
    var data = {
        action: 'my_action',
        security: '<?php echo $ajax_nonce; ?>',
        my_string: 'Hello World!'
    };
    $.post(ajaxurl, data, function(response) {
        alert("Response: " + response);
    });
});
</script>

In your ajax file, check the referrer like this: 

add_action( 'wp_ajax_my_action', 'my_action_function' );
function my_action_function() {
    check_ajax_referer( 'my-special-string', 'security' );
    echo $_POST['my_string'];
    die;
}

Related Posts:

  1. Confirmation box when submitting post for review
  2. Ajax Load More Posts in Category Page
  3. Dynamically update post title in admin page
  4. Developing a secure front end posting form
  5. Getting an alphabetic post list with two letters onclick on letter
  6. How to load post content on index page using ajax when post title in sidebar is clicked
  7. Developing a secure front end post editing form
  8. POST from jQuery to PHP
  9. Working Bootstrap Carousel Conversion to WP – Technical Questions
  10. “Uncaught SyntaxError: Unexpected token
  11. Disable REST API for a user ROLE
  12. Add confirmation popup on “Move to Trash”
  13. Embed WordPress Admin in an iframe
  14. The correct way to call posts with ajax
  15. How do I use Ajax to show the new posts realtime, on the frontpage
  16. The ‘https_local_ssl_verify’ filter
  17. How to create a load more post entries like Twitter?
  18. Disable Jquery UI post tabs
  19. jQuery inluclude still seems ncessary for script to work within post
  20. Ajax load more button in Recent posts widget
  21. Ajax Dynamic Archives not showing correct results
  22. WP_Query with ajax handler returns the same posts
  23. Ajax post filters not working
  24. Ajaxify This Code
  25. Genesis + Ajax + Jquery | Failling to call action
  26. How do I locate the exact location where this error is occurring 404 page not found
  27. Do all wordpress themes a similar class name for content?
  28. add bootstrap post slider with tabs
  29. Use Click Image to Play Youtube Video in a WordPress Loop
  30. Call current post URL in ajax
  31. datepicker value in mysql
  32. Adding JS functionality to the Publish button in wp-admin/post.php
  33. How do I allow certain users to make a certain type of post?
  34. displaying the categories post
  35. Using the loop to set locations for all posts on a single google map
  36. Allowing Users to Register Themselves and Post : Does WordPerss Handle these Problems?
  37. Many buttons not functioning in WordPress dashboard (as admin)
  38. Ajax post doesnt call succes after got the response
  39. Colorbox not working on native WordPress gallery when gallery is loaded thru AJAX
  40. How do I use slideToggle inside a wordpress post?
  41. Printable Page with all Posts from Tag
  42. problem with creating a wordpress post slider
  43. Problem with jQuery in post body?
  44. WP Load post with ajax and apply isotope
  45. Run Jquery Script after delete post in front end
  46. Get post id on click of thumbnail
  47. jquery: getting contents of #content field on post page
  48. Full width images within post content
  49. Determine if page is the Posts Page
  50. How to get ‘post_content’ without stripping tags?
  51. display all posts in wordpress admin
  52. When and Where is `global $post` Set and Available?
  53. Create an “All Posts” or “Archives” Page with WordPress 3.0?
  54. How to Sort Custom columns in admin
  55. Shortcode Not displayed at the Right Place [duplicate]
  56. Post visibility on the basis of roles
  57. List only child categories a post is in, of a specific parent category
  58. How to change post status from publish to draft using hook in wordpress?
  59. Auto Refresh Post List after X seconds
  60. How to show video from specific category on sidebar?
  61. Display posts with comments closed, with pagination?
  62. How can I add a meta-box to the posts editor containing all items of a custom taxonomy as checkbox?
  63. can’t use the page_test method to check pagination
  64. post re-order on my site
  65. Allow multiple contributors to one post
  66. How to check a post exist when the permalink has post id in it?
  67. Post body text occupying featured image space before it loads
  68. Multi row post list
  69. Hook in to add new post link wp admin?
  70. How do I insert a post with custom post type and relate it to a custom taxonomy?
  71. Dynamically switch template on click
  72. How to create wordpress class with post meta? [closed]
  73. All posts display default index.html
  74. Blog page error ‘Index of /blog’
  75. Disable posts generated from image uploads
  76. How to get the latest URL of my blog?
  77. Not all posts showing in query
  78. Template for regular posts (no custom post types)
  79. WordPress query portfolio posts
  80. Rand post related question
  81. SQL Bulk Move old posts by one author to another category
  82. How to show multiple posts thumbnail, title and date in widget
  83. Remove all external links from posts
  84. Manipulated offset and pagination, can’t display last post anymore
  85. Query to fetch custom taxonomy along with post title
  86. Change of author not updating
  87. Single post shows post three times
  88. Blog Page doesn’t show summary but full content
  89. Change WordPress names duplicate titles (url)
  90. Show 5 posts and than 3 posts offset with pagination
  91. My posts page is missing the page title
  92. Connection dropped due to file size
  93. How to Get Position of a Post from a category and tag
  94. Custom author search
  95. My blog “page” used to show a list of posts, but now it’s just showing the page content?
  96. Grab next post title in archive page
  97. unused post IDs
  98. First post in loop displays twice
  99. custom post type single page template not working
  100. Need to show birthday of custom post type(Famous people in this case) in elementor. Date of birth set in custom fields