- Lester Chan's WordPress Plugins - https://lesterchan.net/wordpress -

AJAX Not Working For WP-Email, WP-Polls, WP-PostRatings or WP-PostViews?

About 2 weeks ago, I release an update to r WP-Email, WP-Polls, WP-PostRatings and WP-PostViews [1] which added some nonce check and moved the AJAX request to be handled by /wp-admin/admin-ajax.php.

3 common issues that users are facing.

“-1” or “Failed To Verify Referrer”
This means that most likely you are using a caching plugin like W3 Total Cache (W3TC) and the Javascript being minified/combined and cached is outdated. Just empty the JS/CSS cache under the “Minify” section of W3TC in WP-Admin and W3TC will regenerate it again. This will solve the problem.

Password Protected /wp-admin/ Will Not Work
If you are using .htpasswd to protect your /wp-admin/ folder, AJAX request to /wp-admin/admin-ajax.php will not work. This problem is not unique to my plugin. Any WordPress Plugins that uses the WordPress AJAX API [2] will break. As mentioned in this Codex, Hardening WordPress [3]:

Simply securing the wp-admin/ directory might also break some WordPress functionality, such as the AJAX handler at wp-admin/admin-ajax.php

To bypass this, check out this tutorial, Password protecting the wp-admin directory [4], this tutorial will teach you how to whitelist admin-ajax.php in your /wp-admin/ using .htaccess.

I still hope in the future version of WordPress, they will separate front facing AJAX requests vs backend AJAX requests.

Your WP-Admin Is HTTPS While Your Site Is Not
If your WP-Admin is behind SSL aka HTTPS and you have the following config in your wp-config.php define('FORCE_SSL_ADMIN', true);, the AJAX will fail because https://yoursite.com is different from http://yoursite.com and the browser treat it as different domain.

To solve this issue do the following:
'ajax_url' => admin_url('admin-ajax.php'),
'ajax_url' => admin_url('admin-ajax.php', (is_ssl() ? 'https' : 'http')),

What the code does is basically forcing http to be used when calling admin-ajax.php for AJAX request. Again this is a hack, I am trying to figure a way around it.

I have pushed the code to trunk of all the respective plugins.