1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

wp-admin/admin-ajax.php 1900 Hits per day (Help Needed)

Discussion in 'Blogging' started by sirblack, Oct 29, 2014.

  1. sirblack

    sirblack Newbie

    Joined:
    May 11, 2013
    Messages:
    20
    Likes Received:
    1
    Hello everybody,
    Looking at the statistics of one of my wordpress websites I found more than 1,900 hits per day to admin-ajax.php. Is that number of accesses to the file normal or could it reveal a hacking attempt?
    Thanks a lot.
     
  2. hpasha

    hpasha Jr. VIP Jr. VIP

    Joined:
    May 15, 2011
    Messages:
    1,187
    Likes Received:
    179
    Location:
    Kepler 186F
    Hi sirblack,

    First of All Make sure you are using the latest version of Wordpress. Update All the Plugins and make sure to change the admin login details.

    Use This Security Plugin: https://wordpress.org/plugins/better-wp-security/

    It will stop any BruteForce Attack and prevent any hacking attempts.

    Hope it solve the issue.
     
  3. spmcnerd

    spmcnerd Regular Member

    Joined:
    Dec 20, 2010
    Messages:
    309
    Likes Received:
    106
    Wordfence in the options.
     
  4. YoungGooner

    YoungGooner Junior Member

    Joined:
    Aug 6, 2014
    Messages:
    192
    Likes Received:
    22
    Location:
    Ukraine
    Home Page:
    yes,thats clearly a hacking attempt.
     
  5. Repulsor

    Repulsor Power Member

    Joined:
    Jun 11, 2013
    Messages:
    707
    Likes Received:
    267
    Location:
    PHP Scripting ;)
    I think there are many apps that prevents access to those pages unless its refered from the admin panel.Try one of those.

    If I was in your case, I would make the page to display a "Fuck OFF" message to the guy who is trying it :D Also would capture his ip/location. But I think you can already find that from Awstats if you have it in cpanel.
     
  6. Vanrithy

    Vanrithy Power Member

    Joined:
    Jun 11, 2013
    Messages:
    619
    Likes Received:
    375
    Occupation:
    E-Media Officer
    Location:
    Kingdom of Wonder
    Home Page:
    As a WordPress developer, I see this is common in WordPress. I am pretty sure that it's not hacking attempt.
    Note: Make sure to check your traffic logs for the sources of traffic that visiting this page.

    It's called WordPress Heartbeat API.
    WordPress uses it to manage functions such as Post Locking and Auto Saving etc. Some WordPress developers also use this API to make their plugins or themes functions, too.

    The more you access your dashboard or leave it idle, the more Heatbeat API sends request to wp-admin/admin-ajax.php Heartbeat requests.

    If you're active working in your dashboard, Heartbeat requests will have a max 60 seconds in each request delay.
    If you put your dashboard sit idle, it will have a max of 120 seconds in each request delay.

    You could DISABLE it or Increase delay time between each HEARTBEAT request.

    Just a hint, disabling it could cause issue with functions that use the API.
     
    • Thanks Thanks x 2