Title: Test using admin-ajax
Last modified: August 30, 2016

---

# Test using admin-ajax

 *  [Marcus Downing](https://wordpress.org/support/users/marcusdowning/)
 * (@marcusdowning)
 * [10 years, 5 months ago](https://wordpress.org/support/topic/test-using-admin-ajax/)
 * The test facility in this plugin falls foul of some security rules, because it:
 * 1. Directly accesses a PHP file in `wp-content`
    2. Doesn’t have a CSRF token.
 * In our specific case it was being blocked by modsecurity, but I’m sure other 
   setups are likely to have similar problems.
 * I believe both these issues would be addressed by changing the test to use WordPress’
   built-in AJAX endpoint `admin-ajax.php` instead of directly addressing its own
   PHP file.
 * [https://wordpress.org/plugins/active-directory-integration/](https://wordpress.org/plugins/active-directory-integration/)

The topic ‘Test using admin-ajax’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/active-directory-integration_e2ecae.
   svg)
 * [Active Directory Integration](https://wordpress.org/plugins/active-directory-integration/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/active-directory-integration/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/active-directory-integration/)
 * [Active Topics](https://wordpress.org/support/plugin/active-directory-integration/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/active-directory-integration/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/active-directory-integration/reviews/)

## Tags

 * [ajax](https://wordpress.org/support/topic-tag/ajax/)
 * [csrf](https://wordpress.org/support/topic-tag/csrf/)

 * 0 replies
 * 1 participant
 * Last reply from: [Marcus Downing](https://wordpress.org/support/users/marcusdowning/)
 * Last activity: [10 years, 5 months ago](https://wordpress.org/support/topic/test-using-admin-ajax/)
 * Status: not resolved