I´m a litle confused. I would like to declare a wp ajax function for the front end. I followed the documentation and specifically this page where it´s written :

Note 2: Both front-end and back-end Ajax requests use admin-ajax.php so is_admin() will always return true in your action handling code. When selectively loading your Ajax script handlers for the front-end and back-end, and using the is_admin() function, your wp_ajax_(action) and wp_ajax_nopriv_(action) hooks MUST be inside the is_admin() === true part.

Ajax requests bound to either wp_ajax_ or wp_ajax_nopriv_ actions are executed in the WP Admin context. Carefully review the actions you are performing in your code since unprivileged users or visitors will be able to trigger requests with elevated permissions that they may not be authorized for.

but if I´m on the front-end side and I wrapped my hooks called with an is_admin() checking, how it can be executed ? I mean is_admin() is to check if you are on the administration so it will return false, so the code inside won´t be executed on the front-end, won´t it ?

if ( is_admin() ) { //<-- Executed on front-end page as well ?
    add_action( 'wp_ajax_my_frontend_action', 'my_frontend_action' );
    add_action( 'wp_ajax_nopriv_my_frontend_action', 'my_frontend_action' );
    add_action( 'wp_ajax_my_backend_action', 'my_backend_action' );
    // Add other back-end action hooks here
} else {
    // Add non-Ajax front-end action hooks here
}

Can someone enlighten me ?

I´m a litle confused. I would like to declare a wp ajax function for the front end. I followed the documentation and specifically this page where it´s written :

Note 2: Both front-end and back-end Ajax requests use admin-ajax.php so is_admin() will always return true in your action handling code. When selectively loading your Ajax script handlers for the front-end and back-end, and using the is_admin() function, your wp_ajax_(action) and wp_ajax_nopriv_(action) hooks MUST be inside the is_admin() === true part.

Ajax requests bound to either wp_ajax_ or wp_ajax_nopriv_ actions are executed in the WP Admin context. Carefully review the actions you are performing in your code since unprivileged users or visitors will be able to trigger requests with elevated permissions that they may not be authorized for.

but if I´m on the front-end side and I wrapped my hooks called with an is_admin() checking, how it can be executed ? I mean is_admin() is to check if you are on the administration so it will return false, so the code inside won´t be executed on the front-end, won´t it ?

if ( is_admin() ) { //<-- Executed on front-end page as well ?
    add_action( 'wp_ajax_my_frontend_action', 'my_frontend_action' );
    add_action( 'wp_ajax_nopriv_my_frontend_action', 'my_frontend_action' );
    add_action( 'wp_ajax_my_backend_action', 'my_backend_action' );
    // Add other back-end action hooks here
} else {
    // Add non-Ajax front-end action hooks here
}

Can someone enlighten me ?

• ajax
• front-end

1 Answer 1

I mean is_admin() is to check if you are on the administration so it will return false, so the code inside won´t be executed on the front-end, won´t it ?

When you send an AJAX request using this method, you are sending it to wp-admin/admin-ajax.php, which is in the admin. This is explained in the text you've quoted yourself:

Both front-end and back-end Ajax requests use admin-ajax.php so is_admin() will always return true in your action handling code.

It's irrelevant where the AJAX request was sent from. When the request is made it is a completely separate request to the original front-end request that loaded whatever page you were on. It's a new request to the WordPress admin.

The important thing to remember is that an AJAX request is really just JavaScript opening a web page in the background. So it's the same as if you opened /wp-admin/admin-ajax.php in a new tab. If you did that then is_admin() would be true, which is why it's still true when you make that request with JavaScript.

The other thing to remember is that add_action() calls queue up functions to run only for the current request. Those add_action() calls are run every time a page is loaded, getting stuff ready for the rest of the page load. When you load a front end page with your code, it queues up my_frontend_action() to run if the current request is an AJAX request, but it's not, so nothing happens. Nothing is stored or remembered for a later AJAX request made from that page.

When the AJAX request is made, this condition is checked again, but add_action() is never run because is_admin() is true, so nothing happens, and because the add_action() from the front-end request is not stored or remembered, it doesn't fire this time either.