Ajax calls from the theme directory

You should never edit any files in the wp-admin directory. All ajax related to your theme, should be inside your theme directory. You can place your PHP code in any file, functions.php, or include some new file there you will retrive only ajax cals, that will be better.

Best way to use ajax front-end?

Never ever use your theme/plugin files directly for ajax calls, always use admin-ajax.php. This is the only recommended way of doing ajax to ensure maximum compatibility with wordpress (including future versions) & 3rd party plugins/themes The best/easiest way depends on the situation & is debatable but i would ask you to use admin-ajax.php even if … Read more

infinite scroll not working when logged out

add this before your other add_action call: add_action(‘wp_ajax_nopriv_zephyr_infinite_scroll’, ‘zephyr_get_nextpage’); the wp_ajax_ filter runs only when you are logged in. wp_ajax_nopriv_ runs only when logged out. This is so you can separate your requests, and maybe treat them differently, if that’s the case. Check wp_ajax_(action)

How to make custom button link on the WordPress Admin Bar run by AJAX

Below is the complete code on how to do it. For more details you may like to see how admin ajax work on codex. <?php /* Your code to add menu on admin bar */ add_action(‘admin_bar_menu’, ‘add_item’, 100); function add_item( $admin_bar ){ global $pagenow; $admin_bar->add_menu( array( ‘id’=>’cache-purge’,’title’=>’Cache Purge’,’href’=>’#’ ) ); } /* Here you trigger … Read more

Create custom POST Method URL

WordPress comes with built in support for using AJAX calls from within your plugins or themes functions.php. Following is the sample example: Javascript code: jQuery( document ).on( ‘click’, ‘.event-trigger’, function() { var ajax_url = “<?php echo admin_url( ‘admin-ajax.php’ ); ?>”; //You can define this parameter globally as well. jQuery.ajax({ url : ajax_url, type : ‘post’, … Read more

Unable to successfully verify nonce

Looking at the documentation, the 2nd argument of check_ajax_referer() is: (false|string) (Optional) Key to check for the nonce in $_REQUEST (since 2.5). If false, $_REQUEST values will be evaluated for ‘_ajax_nonce’, and ‘_wpnonce’ (in that order). Not the value itself. So the correct usage would be: check_ajax_referer(‘fmsapi_refresh_nonce’, ‘security’ );

Why is wp_localize_script returning false?

Handle name doesn’t match registered script name in your snippet. wp_enqueue_script has ajax-script and localize has ajax_script notice the dash and underscore. You should also follow example from the docs a. register, b. localise, c. enqueue; like so: <?php // Register the script wp_register_script( ‘some_handle’, ‘path/to/myscript.js’ ); // Localize the script with new data $translation_array … Read more

Use WP admin AJAX url to hide API key

I would break this problem in to 2 parts. First, you could sent an Ajax request to your server, sending only the dataString variable. Then, you can use either cURL or wp_remote_get() on the server to access the real API. This could be the only solution, if you want to avoid playing hide and seek … Read more

Is it secure to use admin-ajax.php in front?

I would like to know if it is secure to use admin-ajax.php for your ajax requests on the front. There is nothing fundamentally insecure about using it for AJAX requests as a protocol. So is it secure? That question makes little sense, in the same way that “Is a coin flip secure?” doesn’t make a … Read more