Why would admin-ajax.php redirect to the home page for logged out users?

I am using the wp-polls plugin on my website. This plugin relies on using AJAX requests of the form http://www.myfakewebsiteurl.com/wp-admin/admin-ajax.php?action=polls&view=process&poll_id=2&poll_2=8&poll_2_nonce=420d75e659

When I log in, this request works fine: it pulls the poll results from the server, and then displays them on the desired web page.

However, when I log out, this request redirects me to the home page. Thus, instead of the poll results appearing, I get the home page loaded where the poll results are supposed to be.

Why would admin-ajax.php redirect visitors to my WordPress-powered site who are not logged in to the home page of my website?

3 comments

  1. It only redirects when accessed directly, as do all files located in wp-admin/. AJAX requests should work fine regardless of authentication status.

    Edit: wp-admin/admin-ajax.php should not redirect in any situation. Perhaps a plugin is redirecting all unauthenticated users to the homepage? By default, accessing files inside wp-admin/ when not logged in should redirect to the login page.

  2. Okay, so here’s the deal. Redirect plugins have to do the following to avoid this issue.

    if ( !defined( 'DOING_AJAX' ) ) { /* redirect logic goes here; it is skipped for AJAX requests */ }
    

    It’s that simple. Simple mistake, and easy to fix.

  3. I just had the same issue and for me the reason wasn’t broken plugin code. To find this one, I really needed to debug the wp_redirect code in wp-includes/pluggable.php:1246 and add the following lines at the beginning of the function:

      var_dump($location);
      var_dump($status);
      var_dump(wp_debug_backtrace_summary());
      die;
    

    Usually, you may inject such code via a filter like wp_redirect but that didn’t work for me since the error occurred before my theme or plugin code was loaded by WordPress. Now, I observed the response body of my AJAX request in the developer network tools of my browser. You may also use trigger_error(wp_debug_backtrace_summary()) and observe the stacktrace in wp-content/debug.log (if you enable the debug log).

    My issue was naming a file in my theme admin.php and importing it with include_once("admin.php");. Strangely, the requirement logic starts looking for a file with that name in the upper parent folders, and thus, it loads wp-admin/admin.php leading to an authentication error and finally my erroneous redirect.

    And here goes the solution to my particular issue:

    // Instead of: include_once('admin.php');
    // dirname(__FILE__) has no trailing slash, so the separator must be added explicitly.
    include_once(dirname(__FILE__) . '/admin.php');
    

    I guess, there are many ways to have such redirect issues. Hopefully, my problem-solving method helps other people out there with their problems.

    Greetings,
    Thomas
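
The guard described in the second comment, written out as an added example that is not part of the original thread and not code from wp-polls or any real plugin. The callback name and the `edit_posts` policy are assumptions made for illustration; the hook matters because admin-ajax.php fires `admin_init` for every request, including those from logged-out visitors.

```php
<?php
/**
 * Plugin Name: Example dashboard redirect (constructed for illustration)
 *
 * A redirect hooked on admin_init also runs for admin-ajax.php requests,
 * so it has to return early when WordPress is serving an AJAX call.
 */

// Hypothetical callback name, chosen for this example only.
function example_keep_visitors_out_of_dashboard() {
    // wp_doing_ajax() exists since WordPress 4.7; the constant check
    // covers older versions. Note that DOING_AJAX must be defined AND true.
    $doing_ajax = function_exists( 'wp_doing_ajax' )
        ? wp_doing_ajax()
        : ( defined( 'DOING_AJAX' ) && DOING_AJAX );

    if ( $doing_ajax ) {
        // Let admin-ajax.php answer with its own payload instead of a redirect.
        return;
    }

    // Assumed policy: only users who can edit posts may see wp-admin screens.
    if ( is_user_logged_in() && current_user_can( 'edit_posts' ) ) {
        return;
    }

    // wp_safe_redirect() refuses to redirect to hosts that are not allowed.
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
add_action( 'admin_init', 'example_keep_visitors_out_of_dashboard' );
```

Skipping the redirect does not authorize the AJAX handler itself: anything registered on a `wp_ajax_nopriv_*` hook is reachable by logged-out visitors and still needs its own nonce check (for example `check_ajax_referer()`) and input validation.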