Last active
December 4, 2023 11:21
-
-
Save yllus/8181d8670fd296854c1e41078d969cc1 to your computer and use it in GitHub Desktop.
An optimized admin-ajax.php that executes visitor-only AJAX requests in WordPress
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Note: This file exists as a near-copy of /wp-admin/admin-ajax.php so that caching on this URL can occur. | |
| /** | |
| * WordPress AJAX Process Execution. | |
| * | |
| * @package WordPress | |
| * @subpackage Administration | |
| * | |
| * @link https://codex.wordpress.org/AJAX_in_Plugins | |
| */ | |
| /** | |
| * Executing AJAX process. | |
| * | |
| * @since 2.1.0 | |
| */ | |
| define( 'DOING_AJAX', true ); | |
| if ( ! defined( 'WP_ADMIN' ) ) { | |
| define( 'WP_ADMIN', false ); | |
| } | |
| // Fake being the real admin-ajax.php so some WordPress functions run correctly. | |
| $_SERVER['PHP_SELF'] = '/wp-admin/admin-ajax.php'; | |
| /** Load WordPress Bootstrap */ | |
| $str_location_wp_load = dirname( dirname( dirname( dirname( __FILE__ ) ) ) ) . '/wp-load.php'; | |
| if ( !file_exists($str_location_wp_load) ) { // Handle local development environments that are using symlinks. | |
| $str_location_wp_load = $_SERVER['DOCUMENT_ROOT'] . '/wp-load.php'; | |
| } | |
| require_once( $str_location_wp_load ); | |
| /** Allow for cross-domain requests (from the frontend). */ | |
| send_origin_headers(); | |
| // Require an action parameter | |
| if ( empty( $_REQUEST['action'] ) ) | |
| die( '0' ); | |
| /** Load WordPress Administration APIs */ | |
| require_once( ABSPATH . 'wp-admin/includes/admin.php' ); | |
| /** Load Ajax Handlers for WordPress Core */ | |
| require_once( ABSPATH . 'wp-admin/includes/ajax-actions.php' ); | |
| @header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) ); | |
| @header( 'X-Robots-Tag: noindex' ); | |
| send_nosniff_header(); | |
| nocache_headers(); | |
| /** This action is documented in wp-admin/admin.php */ | |
| // do_action( 'admin_init' ); // Disable as we'll never be using this file to do things only for logged-in users. | |
| $core_actions_get = array( | |
| 'fetch-list', 'ajax-tag-search', 'wp-compression-test', 'imgedit-preview', 'oembed-cache', | |
| 'autocomplete-user', 'dashboard-widgets', 'logged-in', | |
| ); | |
| $core_actions_post = array( | |
| 'oembed-cache', 'image-editor', 'delete-comment', 'delete-tag', 'delete-link', | |
| 'delete-meta', 'delete-post', 'trash-post', 'untrash-post', 'delete-page', 'dim-comment', | |
| 'add-link-category', 'add-tag', 'get-tagcloud', 'get-comments', 'replyto-comment', | |
| 'edit-comment', 'add-menu-item', 'add-meta', 'add-user', 'closed-postboxes', | |
| 'hidden-columns', 'update-welcome-panel', 'menu-get-metabox', 'wp-link-ajax', | |
| 'menu-locations-save', 'menu-quick-search', 'meta-box-order', 'get-permalink', | |
| 'sample-permalink', 'inline-save', 'inline-save-tax', 'find_posts', 'widgets-order', | |
| 'save-widget', 'delete-inactive-widgets', 'set-post-thumbnail', 'date_format', 'time_format', | |
| 'wp-remove-post-lock', 'dismiss-wp-pointer', 'upload-attachment', 'get-attachment', | |
| 'query-attachments', 'save-attachment', 'save-attachment-compat', 'send-link-to-editor', | |
| 'send-attachment-to-editor', 'save-attachment-order', 'heartbeat', 'get-revision-diffs', | |
| 'save-user-color-scheme', 'update-widget', 'query-themes', 'parse-embed', 'set-attachment-thumbnail', | |
| 'parse-media-shortcode', 'destroy-sessions', 'install-plugin', 'update-plugin', 'press-this-save-post', | |
| 'press-this-add-category', 'crop-image', 'generate-password', 'save-wporg-username', | |
| ); | |
| // Deprecated | |
| $core_actions_post[] = 'wp-fullscreen-save-post'; | |
| // Register core Ajax calls. | |
| if ( ! empty( $_GET['action'] ) && in_array( $_GET['action'], $core_actions_get ) ) | |
| add_action( 'wp_ajax_' . $_GET['action'], 'wp_ajax_' . str_replace( '-', '_', $_GET['action'] ), 1 ); | |
| if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_post ) ) | |
| add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 ); | |
| add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 ); | |
| if ( is_user_logged_in() ) { | |
| /** | |
| * Fires authenticated AJAX actions for logged-in users. | |
| * | |
| * The dynamic portion of the hook name, `$_REQUEST['action']`, | |
| * refers to the name of the AJAX action callback being fired. | |
| * | |
| * @since 2.1.0 | |
| */ | |
| do_action( 'wp_ajax_' . $_REQUEST['action'] ); | |
| } else { | |
| /** | |
| * Fires non-authenticated AJAX actions for logged-out users. | |
| * | |
| * The dynamic portion of the hook name, `$_REQUEST['action']`, | |
| * refers to the name of the AJAX action callback being fired. | |
| * | |
| * @since 2.8.0 | |
| */ | |
| do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ); | |
| } | |
| // Default status | |
| die( '0' ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dare to compare against the official file at https://github.com/WordPress/WordPress/blob/master/wp-admin/admin-ajax.php . Differences include:
This file needs to be carefully examined each time you upgrade WordPress, but often speeds up AJAX requests by 50% or more by skipping the execution of admin-side WordPress actions and libraries.