What’s the preferred method of writing AJAX-enabled plugins?

I’m wondering what the preferred method is for dealing with AJAX calls. Should one use the same plugin php file to process the POST or a separate one? Which is cleaner or safer?


the “safer and cleaner” way would be to use admin-ajax.php that comes with wordpress and wp_ajax hook to call your processing function from your plugin file and use wp-nonce to check the integrity of the call.

for example:

your ajax JQuery call would be

<script type="text/javascript" >
jQuery(document).ready(function($) {

    var data = {
        action: 'ACTION_NAME',
            Whatever: '1234',
            _ajax_nonce: '<?php echo wp_create_nonce( 'my_ajax_nonce' ); ?>'


    // since 2.8 ajaxurl is always defined in the admin header and points to admin-ajax.php
    // If you need it on a public facing page, uncomment the following line:
    // var ajaxurl="<?php echo admin_url("admin-ajax.php'); ?>';
    jQuery.post(ajaxurl, data, function(response) {
        alert('Got this from the server: ' + response);

then in your plugin file add

//if you want only logged in users to access this function use this hook
add_action('wp_ajax_ACTION_NAME', 'my_AJAX_processing_function');

//if you want none logged in users to access this function use this hook
add_action('wp_ajax_nopriv_ACTION_NAME', 'my_AJAX_processing_function');

*if you want logged in users and guests to access your function by ajax then add both hooks.
*ACTION_NAME must match the action value in your ajax POST.

then in your function just make sure the request came from valid source

function my_AJAX_processing_function(){
   //do stuff here...

Hope this Helps

Leave a Comment