Skip to content

Instantly share code, notes, and snippets.

@MikeNGarrett
Created October 14, 2017 01:56
Show Gist options
  • Save MikeNGarrett/cb67142e1359168b67d6b5abab8110b1 to your computer and use it in GitHub Desktop.
Save MikeNGarrett/cb67142e1359168b67d6b5abab8110b1 to your computer and use it in GitHub Desktop.
Disable admin-ajax on the front-end of WordPress sites and cache the resulting 404.
<?php
if(
strpos( $_SERVER['HTTP_REFERER'], 'wp-admin' ) === false &&
strpos( $_SERVER['REQUEST_URI'], 'admin-ajax.php' ) !== false
) {
header( 'Cache-Control: max-age=30000, must-revalidate' );
header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', strtotime( '+5000 minutes' ) ) . ' GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', strtotime( '-5000 minutes' ) ) . ' GMT' );
header( $_SERVER["SERVER_PROTOCOL"]." 404 Not Found" );
die;
}
@jessuppi
Copy link

jessuppi commented Mar 21, 2018

Thanks Mike! We launched a free WordPress plugin inspired in part by your snippet:

https://wordpress.org/plugins/disable-admin-ajax-littlebizzy/
https://github.com/littlebizzy/disable-admin-ajax

We've mentioned you in the readme.txt as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment