Not having the permissions issues being reported – don’t use htaccess in wp-admin.
But, is there a way to disable use of ajax in admin?
Then I would use an htaccess to harden the site.
I don’t care if it’s pretty when posting or editing posts, so why do I care if there is ajax? Will it break media library for example?
Not having the permissions issues being reported…
Why do you think – or know – that ajax is a security risk? .htaccess and ajax functionality are completely different animals.
And ajax is core WP functionality; you’re not going to have much luck removing it.
I guess I assumed too much in my post in that I’ve being seeing a lot of posts about it in my “Matches” subscription and take that as enough background to not get specific. So my mistake if my language somehow led to the conclusion that I was saying ajax is a security issue.
So, the “permissions issue” is being widely discussed not as a security issue, but because a number of people have had their upgrades broken by specific security plugins. The cause of the break is that, in hardening wp-admin, they are blocking access to the ajax php file in the wp-admin directory. The solution being offered is to use a specific htaccess rule to allow all on that file.
My question was simply to establish if ajax functionality is even required. If it is not then the option of disabling it would be one that I, personally, would prefer over the “allow all” option being offered.
I also personally like to minimize the amount of code libraries required for my site to function. I use ajax nothing, except in WP itself. Less code, fewer potential targets, down the road, not today. So again, if it is not critical to WP’s operation, if there is a way to turn it off, I’d use it.
Your answer apparently is “No.”
So that answers my How-to question — you can’t do it.
You’re still mixing apples and oranges. Blocking access to a particular file in with .htaccess isn’t a permission issue; it’s an file access issue, access to a file that WP needs to run. It’s not file permissions.
Permissions issues can be a problem, and security plugins can make permission changes. But permissions issues can have as much to do with web host server configs, and if you’re on a cheap, shared host, lots of those configs are simply out of your control.
The backend of WP and any ajax functions used is just that; that backend. It’s your choice to have a theme – the front end – with or without any functionality. The theme can be more of a vector to access than WP core. Removing core WP functionality can be difficult and not recommended.
And, many security issues – file and account permissions – have to do with the web host. Some are much better at core security than others.
You are strictly correct. File system permissions are different from “allow” (permit) or “deny” (do not permit) htaccess permissions. Slip of the mind. So shoot me.
I wasn’t trying to start some deep neurosurgery here. I merely wanted a question answered. Why you want to drive me off into the wilderness — now you’re on about choosing themes — I don’t know. Happy new year already.
You’re telling me that the ajax is required, not optional, in the backend.
Fine. Thanks for the answer.
I wasn’t trying to start some deep neurosurgery here. I merely wanted a question answered.
If you ask questions here, you get answers. Might not be the answers you want to actually hear, but that’s a different issue.
Why you want to drive me off into the wilderness — now you’re on about choosing themes — I don’t know
I use ajax nothing, except in WP itself….
Becuase you’re talking and asking about themes and difference between WP and the actual theme in use.
Thank you for the tip Andrew. I tried that and confirmed that while no effects are apparent on the front end, it does break some things in the back end.
gwc_wd – Please don’t abuse the volunteer moderators. What you infer out of what someone else writes is as much your perception as their intent. Text is an imperfect medium, and downright terrible for tone, so where you clearly see it as an insult, it may not be that at all.
Part of answering questions requires we understand the reason behind the question. For you, it’s obvious, but we’re not in your head and sometimes things are missed. So you were asked to clarify a couple matters. No one asked about neurosurgery levels of code, we just need to make sure we answer the underlying question and not just the top level.
- The topic ‘Is it possible to disable ajax?’ is closed to new replies.