is_protected_ajax_action(): bool

In this article

Determines whether we are currently handling an Ajax action that should be protected against WSODs.


bool True if the current Ajax action should be protected.


function is_protected_ajax_action() {
	if ( ! wp_doing_ajax() ) {
		return false;

	if ( ! isset( $_REQUEST['action'] ) ) {
		return false;

	$actions_to_protect = array(
		'edit-theme-plugin-file', // Saving changes in the core code editor.
		'heartbeat',              // Keep the heart beating.
		'install-plugin',         // Installing a new plugin.
		'install-theme',          // Installing a new theme.
		'search-plugins',         // Searching in the list of plugins.
		'search-install-plugins', // Searching for a plugin in the plugin install screen.
		'update-plugin',          // Update an existing plugin.
		'update-theme',           // Update an existing theme.
		'activate-plugin',        // Activating an existing plugin.

	 * Filters the array of protected Ajax actions.
	 * This filter is only fired when doing Ajax and the Ajax request has an 'action' property.
	 * @since 5.2.0
	 * @param string[] $actions_to_protect Array of strings with Ajax actions to protect.
	$actions_to_protect = (array) apply_filters( 'wp_protected_ajax_actions', $actions_to_protect );

	if ( ! in_array( $_REQUEST['action'], $actions_to_protect, true ) ) {
		return false;

	return true;


apply_filters( ‘wp_protected_ajax_actions’, string[] $actions_to_protect )

Filters the array of protected Ajax actions.



User Contributed Notes

You must log in before being able to contribute a note or feedback.