Support » Fixing WordPress » Contradicting text in the documentation

  • Resolved Ryunosuke


    For the longest time I was under the belief that wp_ajax_nopriv functions on non-logged-in users while wp_ajax only fires for logged in users. Recently I noticed that I am able to call functions I should not be able to so I went to have a look in the docs and here is what I found: states:

    This hook is functionally the same as wp_ajax_(action), however it is used to handle AJAX requests on the front-end for unauthenticated users, i.e. when is_user_logged_in() returns false.

    It then goes on to state:

    This hook will not fire for authenticated users, i.e. when is_user_logged_in() returns true. To handle

      both unauthenticated and authenticated users

    , also use wp_ajax_(action).

    So then I went to where it states:


      wp_ajax_ hook only fires for logged-in users

    . If you need to also listen for Ajax requests that don’t come from logged-in users, you need to use wp_ajax_nopriv

    So now I am confused… One page links me to a page that says the function on that page will work for both logged in and logged out users… but when I go there it says it only works for logged in users and sends me back to the page I just came from telling me that that is where I will find the function to handle people who are not logged in.

    The obvious question here is “So which one is right?” but unfortunately the fact that my logged out users can successfully run actions linked with wp_ajax_ kinda answers that question for me.

    So now I am left with trying to find out another way to make sure only logged in users can call functions meant for them (apart from doing an “if is_user_logged_in” test inside every single function). I will find a way around it but that text on those two pages that link back and forth between each other definitely needs to get it’s story straight πŸ™

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Thread Starter Ryunosuke


    My bad. I just noticed I missed the “also use” part of the one page. It intends to say to handle logged in and logged out users, use both hooks. I misread that. My mistake.

    Now I just need to figure out why I can call actions using wp_ajax_ in which it tells me the user is not logged in. Clearly that can’t be right… But I’ll figure that out myself. This thread was supposed to report contradicting documentation entries but it turns out it was my bad eye causing me to read wrong πŸ™‚

    Apologies all

Viewing 1 replies (of 1 total)
  • The topic ‘Contradicting text in the documentation’ is closed to new replies.