$conf, $runtime; function_exists('chdir') AND chdir(APP_PATH); $r = 'mysql' == $conf['cache']['type'] ? website_set('runtime', $runtime) : cache_set('runtime', $runtime); } function runtime_truncate() { global $conf; 'mysql' == $conf['cache']['type'] ? website_set('runtime', '') : cache_delete('runtime'); } register_shutdown_function('runtime_save'); ?>security - 200 return code on 'POST wp-adminadmin-ajax.php' while NOT logged in|Programmer puzzle solving

Programmer puzzle solving

    最新消息:Welcome to the puzzle paradise for programmers! Here, a well-designed puzzle awaits you. From code logic puzzles to algorithmic challenges, each level is closely centered on the programmer's expertise and skills. Whether you're a novice programmer or an experienced tech guru, you'll find your own challenges on this site. In the process of solving puzzles, you can not only exercise your thinking skills, but also deepen your understanding and application of programming knowledge. Come to start this puzzle journey full of wisdom and challenges, with many programmers to compete with each other and show your programming wisdom! Translated with DeepL.com (free version)
    你的位置: HOME>matter>security - 200 return code on 'POST wp-adminadmin-ajax.php' while NOT logged in

    security - 200 return code on 'POST wp-adminadmin-ajax.php' while NOT logged in

    matteradmin10PV0评论

    I noticed the following log entry:

    111.22.3.444 - - [13/Mar/2015:08:31:00 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 618 "/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36"

    It is my company website and guaranteed that nobody (including me) was logged in, or using the dashboard. Shouldn't a /wp-admin/.. POST return a 404 or 403 instead of a 200?

    Any tips are welcome!

    Kind regards,

    Gerard.

    I noticed the following log entry:

    111.22.3.444 - - [13/Mar/2015:08:31:00 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 618 "https://cap5.nl/veiligheidstips-en-voorkom-hacken-van-je-wachtwoord/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36"

    It is my company website and guaranteed that nobody (including me) was logged in, or using the dashboard. Shouldn't a /wp-admin/.. POST return a 404 or 403 instead of a 200?

    Any tips are welcome!

    Kind regards,

    Gerard.

    • ajax
    • security
    Share Improve this question edited Mar 13, 2015 at 9:14 cybmeta 20.7k5 gold badges47 silver badges58 bronze badges asked Mar 13, 2015 at 9:00 GerardJPGerardJP 1031 silver badge5 bronze badges
    Add a comment  | 

    1 Answer 1

    Reset to default 1

    wp-admin/admin-ajax.php is the script used by any plugin or theme using WP Ajax API and Ajax actions can be registered for non-logged in users. For example:

    //For logged in users
add_action( 'wp_ajax_my_action', 'my_action_callback' );
//For non-logged in users
add_action( 'wp_ajax_nopriv_my_action', 'my_action_callback' );

    There is no problem on that. See WP Ajax documentation for more information.

    Articles related to this article

    Post a comment

    comment list (0)

    1. No comments so far