How Do I Change admin-ajax.php in WordPress?
Go to WP Ghost > Change Paths > Ajax Security, set a custom name in the Custom admin-ajax.php Path field, and click Save. WP Ghost replaces the default /wp-admin/admin-ajax.php URL with your custom path across the entire frontend. The default path returns a 404 error for bots while all legitimate AJAX calls route through the new URL transparently.
Why Changing admin-ajax.php Matters
The /wp-admin/admin-ajax.php file is one of the most targeted endpoints in WordPress. Every AJAX request on the frontend (form submissions, live search, add-to-cart actions, infinite scroll) passes through this single file. Bots exploit it in several ways: they send crafted POST requests with malicious action parameters to trigger vulnerabilities in plugins, they use it for SQL injection attempts, and they probe it to confirm a site runs WordPress since admin-ajax.php only exists in WordPress installations.
Changing the admin-ajax.php path takes this well-known URL out of the attack surface: bots sending requests to the default /wp-admin/admin-ajax.php get a 404 error. The AJAX handler itself is unchanged and is still reached through the new custom URL, so your site’s AJAX functionality continues working without any code changes.
How to Change admin-ajax.php in WP Ghost
Go to WP Ghost > Change Paths > Ajax Security. Enter a custom name in the Custom admin-ajax.php Path field. Choose something unique and not guessable, like app-handler or a random string. Click Save.
After saving, WP Ghost automatically rewrites all frontend AJAX URLs from /wp-admin/admin-ajax.php to your custom path. The /wp-admin/ prefix is also removed from the URL, so the AJAX path no longer reveals the admin directory. For example, if you set the custom path to app-handler, your frontend AJAX calls will use /app-handler instead of /wp-admin/admin-ajax.php.
Clear all cache after making this change so cached pages use the new AJAX URL. Test your site’s AJAX-dependent features (forms, live search, WooCommerce add-to-cart) in a private browser to confirm everything works. For the complete AJAX configuration guide, see the Change admin-ajax.php Path tutorial.
Compatibility Notes
Most plugins and themes work seamlessly with a custom admin-ajax.php path because WP Ghost handles the URL rewriting at the server level. However, a few plugins hardcode the default admin-ajax.php path instead of using WordPress’s admin_url('admin-ajax.php') function. If a specific feature stops working after changing the AJAX path, that plugin likely hardcodes the URL.
In that case, you have two options: revert the AJAX path to the default admin-ajax.php in WP Ghost while keeping all other path changes active, or contact the plugin author to request they use the standard WordPress AJAX URL function. WP Ghost’s other security features (path security for 30+ other paths, firewall, brute force protection, security headers) continue working regardless of the AJAX path setting.
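To find the plugins described above before or after changing the path, the following added example (not part of WP Ghost or of the original tutorial) scans plugin source for a literal wp-admin/admin-ajax.php string. The function names and the sample plugin tree are hypothetical and constructed for the demo, and the match is a heuristic that assumes calls through admin_url('admin-ajax.php') are safe.

```python
import re
import tempfile
from pathlib import Path

# Heuristic: a literal ".../wp-admin/admin-ajax.php" in source is a hardcoded URL.
# admin_url('admin-ajax.php') does not contain "wp-admin/" and is not matched.
HARDCODED = re.compile(r"wp-admin/admin-ajax\.php")
COMMENT = re.compile(r"^\s*(//|#|/?\*)")  # skip whole-line comments
EXTENSIONS = {".php", ".js"}


def find_hardcoded_ajax(plugins_dir):
    """Return {plugin_name: [(relative_file, line_no, source_line), ...]}."""
    root = Path(plugins_dir)
    findings = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        rel = path.relative_to(root)
        plugin = rel.parts[0]  # first entry under plugins/ is the plugin slug
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            if HARDCODED.search(line) and not COMMENT.match(line):
                findings.setdefault(plugin, []).append(
                    (rel.as_posix(), line_no, line.strip()))
    return findings


def build_sample_tree(base):
    """Write constructed sample plugins (not real ones) for the demo."""
    samples = {
        "good-plugin/good.php":
            "<?php\n$url = admin_url( 'admin-ajax.php' );\n",
        "bad-plugin/inc/form.php":
            "<?php\n// posts to /wp-admin/admin-ajax.php\n"
            "$url = site_url( '/wp-admin/admin-ajax.php' );\n",
        "bad-plugin/js/search.js":
            "jQuery.post('/wp-admin/admin-ajax.php', {action: 'live_search'});\n",
    }
    for rel, body in samples.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for plugin, hits in find_hardcoded_ajax(tmp).items():
            for rel, line_no, line in hits:
                print(f"{plugin}: {rel}:{line_no}: {line}")
```

Run find_hardcoded_ajax against a copy of wp-content/plugins (and wp-content/themes); each hit is a candidate to review with the plugin author, not proof that the feature will break.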
Frequently Asked Questions
Will changing admin-ajax.php break WooCommerce?
No. WooCommerce uses WordPress’s standard AJAX URL function, so it automatically uses the new path. Add-to-cart, checkout, coupon application, and all other WooCommerce AJAX features work normally. Clear your cache after making the change and test the cart in a private browser.
Does Ghost Mode change admin-ajax.php automatically?
Yes. When you activate Ghost Mode, WP Ghost generates a custom admin-ajax.php path along with all other path changes. You can accept the generated value or customize it to something specific. Safe Mode leaves the AJAX path at its default by design to maximize compatibility.
Is this a free feature?
Yes. Changing the admin-ajax.php path is included in the free version of WP Ghost.
Does WP Ghost modify WordPress core files?
No. The admin-ajax.php file is not renamed, moved, or modified. WP Ghost uses server rewrite rules to route requests from the new URL to the original file. Deactivating WP Ghost restores the default AJAX path instantly.