Admin Ajax Blocked
If you have turned off AJAX functionality within your WordPress or for some reason GiveWP cannot access it then you may see a notice or experience various errors. This article will help you understand why this is happening and how to fix the issue.
The admin-ajax.php file is used by GiveWP, and many other plugins, to perform common actions required to accept donations, such as validating fields, calculating totals, and completing a donation. As well, GiveWP’s upgrade system relies on admin-ajax.php to receive update progress reports from the server. It is a very important file. If it is inaccessible, it is very likely that GiveWP will not behave as expected.
The following is a list of suggestions to help track down why this the problem may be happening on your site.
Plugins and Hosting Configs
With WordPress there are many plugins and hosting configurations that may trigger AJAX to be, or appear to be, inaccessible by GiveWP. The following is a list of issues we’ve uncovered when troubleshooting our customer’s environments.
Wordfence
Wordfence is a very popular security plugin that can be very powerful and effective. Occasionally though, it blocks admin-ajax.php from routine usage. There are two ways to get around this in Wordfence.
Learning Mode
Wordfence has the ability to put itself in “Learning Mode” so it can monitor your admin traffic and automatically whitelist activity that you want to be doing. To enable this, go to “Wordfence > Firewall”. From there click on the large button that says “Manager Firewall.”. Finally, in the “Basic Firewall Options” section, set the “Firewall Status” to “Learning Mode“.
After putting Wordfence in “Learning Mode”, you need to teach it what your routine admin-ajax.php usage is with GiveWP. To do that, go to your GiveWP settings pages, to your form edit screens, go to a front-end form, and confirm that all those screens are working correctly. If GiveWP informed you that you needed to update your database and you clicked “update” and nothing happened, then do this while in “Learning Mode” too. Once you’ve confirmed that all those things work as intended, your database update went smoothly, you can go and disable “Learning Mode” in Wordfence again.
Whitelist admin-ajax.php
If using Wordfence’s “Learning Mode” feature does not resolve the issue, then you might need to whitelist the admin-ajax.php file completely in Wordfence. To do that, in your WordPress admin, go to “Wordfence > Firewall” then at the top of that page click on the large button that says “Manage Firewall”.
Next scroll to the bottom of that screen to the “Whitelist URLs” section. You’ll see several inputs to add a new URL to whitelist. Here’s what you need to enter for each field:
URL = /wp-admin/admin-ajax.php
Middle Dropdown = Param Type: POST Body
Param Name = main-content
Then click “Add”.
Once that is added, refresh the screen, and the GiveWP notification should be gone.
Plugin Conflicts
Some plugins are known to intentionally block access to admin-ajax.php. The following types of plugin are often responsible:
- Security plugins – these plugins often have a setting that disables admin-ajax.php, or a similar setting for blocking access to admin files.
- Plugins that disable /wp-admin/ access for non-administrators.
- Minification plugins. These plugins boast performance improvements by shrinking the size of javascript (and other) files. This process often times breaks the javascript in GiveWP that is responsible for communicating with admin-ajax.php
- Caching plugins. Occasionally caching plugins can cause problems with admin-ajax.php by either breaking the javascript that creates the ajax requests or by simply making admin-ajax.php inaccessible
If ajax is not working on your site and you have any plugin that matches the descriptions above, try deactivating the plugins and then testing to see if admin-ajax.php becomes accessible again. If it does, then you may still be able to use the plugin, you will just need to find the problematic setting in the plugin and disable it.
Hosting Privacy and Maintenance Modes
Some hosts like Pantheon and Flywheel have “Privacy Mode” or “Maintenance Mode” options that allow you to prevent access from visitors without a password or other access. In some cases, this can prevent our plugin from working properly with AJAX.
Many times these privacy configurations make AJAX inaccessible.
Host Firewalls
Occasionally, hosting companies will setup a firewall on your site that is intended to protect your site but that also has the adverse affect of blocking access to admin-ajax.php. If you are having trouble with ajax, check if your host has a firewall and disable if it so. If ajax begins working after disabling the firewall, you have found the culprit. If ajax is still inaccessible after disabling the firewall, you can usually safely re-enable it.
Rules in Your .htaccess File
The .htaccess file used on apache servers can sometimes include special rules that are designed to protect your site from attacks. Occasionally these rules are applied a little too generally and unintentionally disable access to admin-ajax.php. If your ajax is not working, check to see what rules your .htaccess file contain. If there are any rules beyond those shown below, remove them and see if ajax begins working again.
Your htaccess file will usually contain rules that look like this (these are perfectly safe and normal):
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
NGINX configuration issues
Sometimes the Admin Ajax file is inaccessible due to configuration of the NGINX environment.
Have your host add this line to the nginx.conf file:
add_header ‘Access-Control-Allow-Origin' ‘*';
This may resolve the issue.
