If you have turned off AJAX functionality within your WordPress or for some reason GiveWP cannot access it then you may see a notice or experience various errors. This article will help you understand why this is happening and how to fix the issue.

The  admin-ajax.php file is used by GiveWP, and many other plugins, to perform common actions required to accept donations, such as validating fields, calculating totals, and completing a donation. As well, GiveWP’s upgrade system relies on admin-ajax.php to receive update progress reports from the server. It is a very important file. If it is inaccessible, it is very likely that GiveWP will not behave as expected.

The following is a list of suggestions to help track down why this the problem may be happening on your site.

Plugins and Hosting Configs

With WordPress there are many plugins and hosting configurations that may trigger AJAX to be, or appear to be, inaccessible by GiveWP. The following is a list of issues we’ve uncovered when troubleshooting our customer’s environments.


Wordfence is a very popular security plugin that can be very powerful and effective. Occasionally though, it blocks admin-ajax.php from routine usage. There are two ways to get around this in Wordfence.

Learning Mode

Wordfence has the ability to put itself in “Learning Mode” so it can monitor your admin traffic and automatically whitelist activity that you want to be doing. To enable this,  go to “Wordfence > Firewall”. From there click on the large button that says “Manager Firewall.”. Finally, in the “Basic Firewall Options” section, set the “Firewall Status” to  “Learning Mode“.

Wordfence “Learning Mode” setting.

After putting Wordfence in “Learning Mode”, you need to teach it what your routine admin-ajax.php usage is with GiveWP. To do that, go to your GiveWP settings pages, to your form edit screens, go to a front-end form, and confirm that all those screens are working correctly. If GiveWP informed you that you needed to update your database and you clicked “update” and nothing happened, then do this while in “Learning Mode” too. Once you’ve confirmed that all those things work as intended, your database update went smoothly, you can go and disable “Learning Mode” in Wordfence again.

Whitelist admin-ajax.php

If using Wordfence’s “Learning Mode” feature does not resolve the issue, then you might need to whitelist the admin-ajax.php file completely in Wordfence. To do that, in your WordPress admin, go to “Wordfence > Firewall” then at the top of that page click on the large button that says “Manage Firewall”.

Next scroll to the bottom of that screen to the “Whitelist URLs” section. You’ll see several inputs to add a new URL to whitelist. Here’s what you need to enter for each field:

URL = /wp-admin/admin-ajax.php

Middle Dropdown = Param Type: POST Body

Param Name = main-content

Then click “Add”.

Whitelisting admin-ajax.php in Wordfence.

Once that is added, refresh the screen, and the GiveWP notification should be gone.

Plugin Conflicts

Some plugins are known to intentionally block access to admin-ajax.php. The following types of plugin are often responsible:

  • Security plugins – these plugins often have a setting that disables admin-ajax.php, or a similar setting for blocking access to admin files.
  • Plugins that disable /wp-admin/ access for non-administrators.
  • Minification plugins. These plugins boast performance improvements by shrinking the size of javascript (and other) files. This process often times breaks the javascript in GiveWP that is responsible for communicating with admin-ajax.php
  • Caching plugins. Occasionally caching plugins can cause problems with admin-ajax.php by either breaking the javascript that creates the ajax requests or by simply making admin-ajax.php inaccessible

If ajax is not working on your site and you have any plugin that matches the descriptions above, try deactivating the plugins and then testing to see if admin-ajax.php becomes accessible again. If it does, then you may still be able to use the plugin, you will just need to find the problematic setting in the plugin and disable it.

Hosting Privacy and Maintenance Modes

Some hosts like Pantheon and Flywheel have “Privacy Mode” or “Maintenance Mode” options that allow you to prevent access from visitors without a password or other access. In some cases, this can prevent our plugin from working properly with AJAX.

Flywheel has a “Privacy Mode” that can cause you to see an alert if updates are available.
Pantheon has a “Security Settings” configuration that may also cause you to see an alert if updates are available.

Many times these privacy configurations make AJAX inaccessible.

Host Firewalls

Occasionally, hosting companies will setup a firewall on your site that is intended to protect your site but that also has the adverse affect of blocking access to  admin-ajax.php. If you are having trouble with ajax, check if your host has a firewall and disable if it so. If ajax begins working after disabling the firewall, you have found the culprit. If ajax is still inaccessible after disabling the firewall, you can usually safely re-enable it.

Rules in Your .htaccess File

The .htaccess file used on apache servers can sometimes include special rules that are designed to protect your site from attacks. Occasionally these rules are applied a little too generally and unintentionally disable access to admin-ajax.php. If your ajax is not working, check to see what rules your .htaccess file contain. If there are any rules beyond those shown below, remove them and see if ajax begins working again.

Your  htaccess file will usually contain rules that look like this (these are perfectly safe and normal):

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

NGINX configuration issues

Sometimes the Admin Ajax file is inaccessible due to configuration of the NGINX environment.

Have your host add this line to the nginx.conf file:

add_header ‘Access-Control-Allow-Origin' ‘*';

This may resolve the issue.

AJAX is Definitely Working on My Site

if you are positive that AJAX is accessible we have created the following snippet to bypass the AJAX check in GiveWP 2.0.1+:

 * Always return true for GiveWP's AJAX check.
 * If GiveWP is throwing a false positive for admin-ajax accessibility this will bypass the check within give_test_ajax_works.
 * @return bool
function my_ajax_works_and_im_positive() {
   return true;

add_filter( 'give_test_ajax_works', 'my_ajax_works_and_im_positive' );

Note: Make a backup before adding the snippet above and running upgrades. The upgrade may be one that optimizes or reconfigures GiveWP’s database. I you’re seeing an AJAX notice then it’s important to have a backup in place before proceeding.