• Resolved matimaz

    (@matimaz)


    Where can I secure admin-ajax.php calls? (brute force attack). I don’t see it anywhere (WP Security has it, but your plugin is better in many other ways :)).

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Paul

    (@paultgoodchild)

    There’s very little that can be achieved via the admin AJAX endpoint – there’s nothing to attack there really, unless you have added a plugin that provides custom AJAX-based login/registration, or comments. Shield should normally still be protecting those functions regardless of whether it’s AJAX or not, so anything trying to brute force it will get blocked eventually. The admin-ajax.php endpoint typically doesn’t require any special handling.

    If you’re using ShieldPRO you can take advantage of the rate limiting feature, however, which is a generalised mechanism for protecting against brute force attack. Feel free to reach out to us directly to discuss if it’s something that interests you.

    Thanks, and glad to hear you’re liking Shield Security so far!

    After installing the Shield Security plugin, the load on the server tripled. Earlier there were practically no requests to /wp-admin/admin-ajax.php, but now there is a large number of them.
