Title: admin-ajax.php
Last modified: May 27, 2023

---

# admin-ajax.php

 *  Resolved [matimaz](https://wordpress.org/support/users/matimaz/)
 * (@matimaz)
 * [3 years ago](https://wordpress.org/support/topic/admin-ajax-php-18/)
 * Where can I secure admin-ajax.php calls? (bruce force attack). I don’t see it
   anywhere (WP Security has it, but your plugin is better in many other ways :)).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [Paul](https://wordpress.org/support/users/paultgoodchild/)
 * (@paultgoodchild)
 * [3 years ago](https://wordpress.org/support/topic/admin-ajax-php-18/#post-16774612)
 * There’s very little that can be achieved via the admin AJAX endpoint – there’s
   nothing to attack there really, unless you have added a plugin that provides 
   custom AJAX-based login/registration, or comments. Shield should normally still
   be protecting those functions regardless of whether it’s AJAX or not, so anything
   trying to brute force it will get blocked eventually. The admin-ajax.php endpoint
   typically doesn’t require any special handling.
 * If you’re using ShieldPRO you can take advantage of [the rate limiting feature](https://getshieldsecurity.com/blog/shield-rate-limiting-protection-wordpress/),
   however, which is a generalised mechanism for protecting against brute force 
   attack. Feel free to reach out to us directly to discuss if it’s something that
   interests you.
 * Thanks, and glad to hear you’re liking Shield Security so far!
 *  [nacaut](https://wordpress.org/support/users/nacaut/)
 * (@nacaut)
 * [2 years, 11 months ago](https://wordpress.org/support/topic/admin-ajax-php-18/#post-16897254)
 * After installing the Shield Security plugin, the load on the server tripled. 
   If earlier requests to **/wp-admin/admin-ajax.php** there was practically none,
   but now there is a large amount of it.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘admin-ajax.php’ is closed to new replies.

 * ![](https://ps.w.org/wp-simple-firewall/assets/icon-256x256.png?rev=3054572)
 * [Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning](https://wordpress.org/plugins/wp-simple-firewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-simple-firewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-simple-firewall/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-simple-firewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-simple-firewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/)

## Tags

 * [admin-ajax.php](https://wordpress.org/support/topic-tag/admin-ajax-php/)

 * 2 replies
 * 3 participants
 * Last reply from: [nacaut](https://wordpress.org/support/users/nacaut/)
 * Last activity: [2 years, 11 months ago](https://wordpress.org/support/topic/admin-ajax-php-18/#post-16897254)
 * Status: resolved