[wp-trac] [WordPress Trac] #52974: Consider changing "admin-ajax.php" files location

WordPress Trac noreply at wordpress.org
Mon Apr 5 17:39:12 UTC 2021

#52974: Consider changing "admin-ajax.php" files location
 Reporter:  mdsaifurrahmann029  |      Owner:  (none)
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Security        |    Version:  5.7
 Severity:  normal          |   Keywords:  needs-patch needs-privacy-review
  Focuses:  administration  |
 Hey there,
 I have been working with WordPress since 2010 and noticed that the
 {{{admin-ajax.php}}} file is located under the {{{wp-admin}}} folder.
 Everything was just fine. But the problem begins when the {{{admin_url()}}}
 function shows the directory in the source code, like this:
 {{{example.com/wp-admin/admin-ajax.php}}}

 I think the directory of this file (admin-ajax.php) or the admin_url()
 function might be reconsidered. Let me explain why.
 When a large company's or business website is created with WordPress, it
 is quite vulnerable. Any intermediate-level hacker is able to grab
 sensitive data with access to the website.
 So then the clients consider the security aspect of the website. We work
 to protect the website from hackers by hiding the CMS of the site created
 with WordPress and by securing many more things. But since the directory
 of this file is visible in the source code, it is not easy for many to
 hide the CMS completely.
 And since theme/plugin developers use this file through the admin_url()
 function, it is necessary to change the default output of this function
 (url/wp-admin/) or the directory of the admin-ajax.php file, considering
 the security aspect.

 Technology is growing day by day. This simple directory leaks the CMS and
 newbie developers suffer from it.
 Please think about this. I hope this file system will be patched in the
 next update soon.

 Thank you.

Ticket URL: <https://core.trac.wordpress.org/ticket/52974>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
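The change the ticket asks for can already be approximated from a plugin or theme through the existing admin_url filter, which core applies to every value admin_url() returns. The following is an added example written for this page; it is not code from the ticket or from WordPress core. The alias path "ajax-endpoint/" and the function name are assumptions. Filtering changes only the URL that ends up in page source: the real endpoint still lives at wp-admin/admin-ajax.php and still answers there, so the alias has to be routed back to it by the web server (an Apache rule is sketched in a comment as an assumed configuration), otherwise every AJAX request sent to the alias fails.

```php
<?php
/**
 * Added example (not from the ticket or WordPress core): mask the
 * admin-ajax.php URL that admin_url() hands to themes and plugins.
 *
 * Uses the 'admin_url' filter from wp-includes/link-template.php, which
 * passes ( $url, $path, $blog_id ) on every WordPress version. The alias
 * "ajax-endpoint/" is an assumed placeholder.
 */

add_filter( 'admin_url', 'example_mask_admin_ajax_url', 10, 3 );

/**
 * Rewrite only admin-ajax.php URLs; every other admin URL is returned untouched.
 *
 * @param string   $url     Complete URL built by get_admin_url().
 * @param string   $path    Path passed to admin_url(), e.g. 'admin-ajax.php?action=x'.
 * @param int|null $blog_id Site ID on multisite; unused here.
 * @return string
 */
function example_mask_admin_ajax_url( $url, $path, $blog_id ) {
	// $path may carry a query string, so match only on its leading segment.
	// An empty $path (plain admin_url()) also falls through unchanged.
	if ( 0 !== strpos( ltrim( (string) $path, '/' ), 'admin-ajax.php' ) ) {
		return $url;
	}

	// Swap the segment, keeping scheme, host and any query string intact:
	//   https://example.com/wp-admin/admin-ajax.php?action=x
	//   -> https://example.com/ajax-endpoint/?action=x
	return str_replace( 'wp-admin/admin-ajax.php', 'ajax-endpoint/', $url );
}

/*
 * The alias must still reach the real endpoint. For Apache, one way is a
 * rule in the site's .htaccess placed before the WordPress block
 * (assumed configuration; adapt to your server):
 *
 *   RewriteEngine On
 *   RewriteRule ^ajax-endpoint/?$ /wp-admin/admin-ajax.php [QSA,L]
 *
 * Scripts that hard-code /wp-admin/admin-ajax.php instead of calling
 * admin_url() are not affected by the filter and keep revealing the path.
 */
```

Because the filter runs inside get_admin_url(), the masked value also reaches wp_localize_script() data and any plugin that builds its AJAX URL through admin_url(), which is the common pattern the ticket describes.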