AJAX Not Working For WP-Email, WP-Polls, WP-PostRatings or WP-PostViews?

About 2 weeks ago, I release an update to r WP-Email, WP-Polls, WP-PostRatings and WP-PostViews which added some nonce check and moved the AJAX request to be handled by /wp-admin/admin-ajax.php.

3 common issues that users are facing.

“-1” or “Failed To Verify Referrer”
This means that most likely you are using a caching plugin like W3 Total Cache (W3TC) and the Javascript being minified/combined and cached is outdated. Just empty the JS/CSS cache under the “Minify” section of W3TC in WP-Admin and W3TC will regenerate it again. This will solve the problem.

Password Protected /wp-admin/ Will Not Work
If you are using .htpasswd to protect your /wp-admin/ folder, AJAX request to /wp-admin/admin-ajax.php will not work. This problem is not unique to my plugin. Any WordPress Plugins that uses the WordPress AJAX API will break. As mentioned in this Codex, Hardening WordPress:

Simply securing the wp-admin/ directory might also break some WordPress functionality, such as the AJAX handler at wp-admin/admin-ajax.php

To bypass this, check out this tutorial, Password protecting the wp-admin directory, this tutorial will teach you how to whitelist admin-ajax.php in your /wp-admin/ using .htaccess.

I still hope in the future version of WordPress, they will separate front facing AJAX requests vs backend AJAX requests.

Your WP-Admin Is HTTPS While Your Site Is Not
If your WP-Admin is behind SSL aka HTTPS and you have the following config in your wp-config.php define('FORCE_SSL_ADMIN', true);, the AJAX will fail because https://yoursite.com is different from http://yoursite.com and the browser treat it as different domain.

To solve this issue do the following:
Find:
'ajax_url' => admin_url('admin-ajax.php'),
Replace:
'ajax_url' => admin_url('admin-ajax.php', (is_ssl() ? 'https' : 'http')),

What the code does is basically forcing http to be used when calling admin-ajax.php for AJAX request. Again this is a hack, I am trying to figure a way around it.

I have pushed the code to trunk of all the respective plugins.

1 Star2 Stars3 Stars4 Stars5 Stars (411 votes, average: 4.16 out of 5)

WP-Polls, WP-PostRatings, WP-PostViews, WP-Email Updated

I have updated the following plugins:

Now all AJAX requests are handled by /wp-admin/admin-ajax.php. Previously it is handled via the plugin PHP file itself by assuming that wp-load.php is always 2 levels down from the plugin file. But since you can have your WordPress in any folders, custom loading of wp-load.php is not possible as the path to wp-load.php varies from server to server.

While I am at it, I added nonce check for AJAX calls to WP-Polls, WP-PostRatings and WP-Email. Let me know if you run into problems via WordPress Support Forums, My Forums (if you are already registered) or via email (lesterchan AT gmail).

PS: Kindly refer to https://lesterchan.net/wordpress/2012/06/05/ajax-not-working-for-wp-email-wp-polls-wp-postratings-or-wp-postviews/ if you ran into problems.

1 Star2 Stars3 Stars4 Stars5 Stars (136 votes, average: 3.97 out of 5)

WordPress 3.3.2 & 3.4 Beta 3 Released

WordPress 3.3.2 & 3.4 Beta 3 has been released
WordPress 3.3.2

Fixes:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • vSWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

Changelog: From WordPress 3.3.1
Download: WordPress 3.3.2

WordPress 3.4 Beta 3

  • 90 bugs have been fixed since beta 2

Changelog: From WordPress 3.4 Beta 2
Download: >WordPress 3.4 Beta 3

1 Star2 Stars3 Stars4 Stars5 Stars (133 votes, average: 3.98 out of 5)

WordPress 3.4 Beta 1

WordPress 3.4 Beta 1 has been released! The final version is expected to ship sometime next month (May 2012).

What’s New

  • Theme Customizer with Previewer
  • Flexible Custom Header Sizes
  • Selecting Custom Header and Background Images from Media Library
  • Better experience searching for and choosing a theme

Under-the-hood Changes

  • New XML-RPC API for external and mobile applications
  • New API for registering theme support for custom headers and backgrounds
  • Performance improvements to WP_Query by splitting the query (Please test!)
  • Internationalization improvements (improved performance and locale support)
  • Performance and API improvements when working with lists of installed themes
  • Support for installing child themes from the WordPress Themes Directory

Download: WordPress 3.4 Beta 1

1 Star2 Stars3 Stars4 Stars5 Stars (128 votes, average: 3.92 out of 5)