Nonces and Cache

I know this question is ancient, but no, it’s not very secure. Anyone with knowledge of the AJAX endpoint would be able to generate valid nonces, which defeats the purpose in the first place. That being said, nonces are a low level defence in the first place: they only stop the simplest of attacks. A … Read more

How to add to cart via AJAX Woocommerce [closed]

Are we talking about the single product view or the product archive pages (shop, categories)? Because the text beside the checkbox/option states, roughly translated: »activate ajax-checkout-button on product archive pages« and on all the installations I did so for, that is the way it’s working – ajax checkout on the archives, but not on the single … Read more

Ajax and autocomplete

Use jQuery’s getJSON in the autocomplete’s source method and use WordPress’ admin-ajax.php to handle the request, to avoid having to find wp-load.php (which may have been moved) and would load WordPress on every request. First of all: get the ajax url of your WordPress blog: This is simple: admin_url( 'admin-ajax.php' ) But, we want this … Read more

Execute one AJAX request after another AJAX request finished

What you’re experiencing (AJAX works locally, but not on the server) is a delay problem. Locally everything works so fast that you can’t see your problem. In short, this is your problem: AJAX callback (A) executes > AJAX Callback (B) doesn’t know that it has to wait for (A) > You can’t see the … Read more

gettext does not translate when called in ajax

It is too late, but for public use: /* if qTranslate is installed */ /* set front locale for ajax calls requested from front-end */ function set_locale_for_frontend_ajax_calls() { if ( is_admin() && defined( 'DOING_AJAX' ) && DOING_AJAX && substr( $_SERVER['HTTP_REFERER'], 0, strlen( admin_url() ) ) != admin_url() ) { load_theme_textdomain( 'your-theme-domain-name', get_template_directory() . '/languages' ); … Read more

Displaying PHP Errors from admin-ajax.php

WordPress by default hides errors for AJAX request calls. This can be confirmed from the source file wp-includes/load.php#L352, here: if ( defined( 'XMLRPC_REQUEST' ) || defined( 'REST_REQUEST' ) || ( defined( 'WP_INSTALLING' ) && WP_INSTALLING ) || wp_doing_ajax() ) { @ini_set( 'display_errors', 0 ); } See the function wp_doing_ajax() is being used in the conditional … Read more

WordPress Ajax Data Security

There are a few things you can do to make it more secure: First, the Ajax call itself should be made with a WordPress nonce like you said: <script type="text/javascript" > jQuery(document).ready(function($) { var data = { action: 'ACTION_NAME', Whatever_data: 1234, _ajax_nonce: '<?php echo wp_create_nonce( 'my_ajax_nonce' ); ?>' }; $.post(ajaxurl, data, function(response) { alert('Got this … Read more
