I am facing an issue when i am restricting the Admin panel (wp-admin) with IP than ajax calls from frontend side don’t work. As they are calling ‘wp-admin/admin-ajax.php’ file which is based on admin side and restricted with IP. Therefore, for frontend user ajax didn’t work.
Any solution? As i have setup a website for a big company and my client is really need this. So i am stuck with this problem.
I believe frontend stuff shouldn’t need to access backend stuff.
Any Help please. Your kind support is highly appreciated.
]]>How are you restricting IP addresses that can access the back end?
]]>wp-admin/admin-ajax.php. You’ll need to exclude this file from any restrictions you’ve put in place or AJAX requests by many plugins won’t work.
]]>
I am trying to restrict my admin panel (“wp-admin” folder) on single IP by using Network Firewall. By doing so, my ajax calls are not working for internet/website customer.
]]>Is there any other way to pull out the functionality like wp-admin/admin-ajax.php and place it outside. So that our website customers don’t have problem in their ajax calling.
Thanks in advance and your kind solving is highly appreicated.
]]>1. Filter the admin_url() function so that any use of the function like admin_url( 'admin-ajax.php' ) will change the URL to a custom URL.
2. Create a custom URL, https://website.com/ajax/, that we will use to replace the admin-ajax.php URL.
3. Set it up so that requests to /ajax load the admin-ajax.php file.
The problem you might have is that if a plugin is not using admin_url( 'admin-ajax.php' ) to create the AJAX URL, but doing something like admin_url() . 'admin-ajax.php' instead, then this won’t work for those plugins.
So the code for #1 is:
function asifriazkhan_ajax_url( $url, $path ) {
if ( strpos( $path, 'admin-ajax.php' ) !== 0 ) {
$url = site_url( '/ajax/' );
}
return $url;
}
add_filter( 'admin_url', 'asifriazkhan_ajax_url', 10, 2 );
So now, any use of admin_url( 'admin-ajax.php' ) in a plugin will return https://website.com/ajax/.
The next piece is these two functions:
function asifriazkhan_ajax_rewrite_rule() {
add_rewrite_rule( 'ajax/?$', 'index.php?asifriazkhan_ajax=1', 'top' );
}
add_action( 'init', 'asifriazkhan_ajax_rewrite_rule' );
function asifriazkhan_ajax_query_vars( $query_vars ) {
$query_vars[] = 'asifriazkhan_ajax';
return $query_vars;
}
add_filter( 'query_vars', 'asifriazkhan_ajax_query_vars' );
With these bits of code https://website.com/ajax/ is now a valid URL, and will give us a custom query variable, asifriazkhan_ajax, which we can use to insert the AJAX functionality.
So then the last bit of code is to check if the request is for https://website.com/ajax/ using our custom query variable. If it is, we will include admin-ajax.php so that it can handle the request:
function asifriazkhan_ajax_include() {
global $wp_query;
if ( $wp_query->get( 'asifriazkhan_ajax' ) === '1' ) {
include ABSPATH . '/wp-admin/admin-ajax.php';
exit;
}
}
add_action( 'template_redirect', 'asifriazkhan_ajax_include' );
Now most, if not all, AJAX requests by plugins should be sent to – and handled by – https://website.com/ajax/, avoiding direct requests to admin-ajax.php, which should solve your problem.
I’ve tested the code and it works, including for core WordPress AJAX functionality, but it depends on 3rd-party plugins doing their AJAX a certain way.
]]>Thanks for the detail message. Let me ask my team to implement it the way like you suggest to us then i will let you know either its works or not. Thanks man.
]]>Any other solution? Can we make clone of this admin-ajax.php and put it outside wp-admin folder. So that for frontend user can easily call it instead to call the wp-admin/admin-ajax.php
]]>wp-admin folder is completely blocked for public access, does the admin-ajax file needs to be accessible for it to work ?
]]>