security - 200 return code on 'POST wp-adminadmin-ajax.php' while NOT logged in

I noticed the following log entry:

111.22.3.444 - - [13/Mar/2015:08:31:00 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 618 "/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36"

It is my company website and guaranteed that nobody (including me) was logged in, or using the dashboard. Shouldn't a /wp-admin/.. POST return a 404 or 403 instead of a 200?

Any tips are welcome!

Kind regards,

Gerard.

I noticed the following log entry:

111.22.3.444 - - [13/Mar/2015:08:31:00 +0100] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 618 "https://cap5.nl/veiligheidstips-en-voorkom-hacken-van-je-wachtwoord/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36"

It is my company website and guaranteed that nobody (including me) was logged in, or using the dashboard. Shouldn't a /wp-admin/.. POST return a 404 or 403 instead of a 200?

Any tips are welcome!

Kind regards,

Gerard.

• ajax
• security

Share Improve this question edited Mar 13, 2015 at 9:14 cybmeta 20.7k55 gold badges4747 silver badges5858 bronze badges asked Mar 13, 2015 at 9:00 GerardJPGerardJP 10311 silver badge55 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

wp-admin/admin-ajax.php is the script used by any plugin or theme using WP Ajax API and Ajax actions can be registered for non-logged in users. For example:

//For logged in users
add_action( 'wp_ajax_my_action', 'my_action_callback' );
//For non-logged in users
add_action( 'wp_ajax_nopriv_my_action', 'my_action_callback' );

There is no problem on that. See WP Ajax documentation for more information.