wp-ajax-nopriv-visibility

Official

Harden unauthenticated WP AJAX endpoints.

Author: WPDevelopers
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill identifies and mitigates the risk of unauthenticated exposure caused by wp_ajax_nopriv_ handlers that build WP_Query arguments from client input, potentially leaking private, draft, or trashed content to anonymous users.

Core Features & Use Cases

  • Auditing and pattern discovery: scans for wp_ajax_nopriv_ handlers, client-parsed query strings, and indicators of widened visibility.
  • Defensive fixes and guidance: provides a field-tested patch pattern to strip dangerous keys (e.g., post_status, perm, suppress_filters) and to safely default post_status to publish, with careful treatment of post_type.
  • Regression and validation guidance: includes checks to ensure narrowing keys are preserved, and whitelists are server-trusted when widening is truly necessary.
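
The strip-and-default pattern described in the list above, sketched as an added example; this is not the Skill's or the plugin's own code. The function names, the example_load_more action and the 'args' request field are hypothetical, and reading "careful treatment of post_type" as an intersection with the server's public post types is an assumption.

```php
<?php
// Added illustration. Hypothetical names: example_harden_query_args(),
// example_load_more_handler(), the example_load_more action, the 'args' field.

function example_harden_query_args( array $client_args ): array {
    // Keys the page names as able to widen visibility: never accept them from the client.
    foreach ( array( 'post_status', 'perm', 'suppress_filters' ) as $key ) {
        unset( $client_args[ $key ] );
    }

    // Assumption: post_type is limited to a server-side list of public types,
    // so values such as 'any' or a private custom type are dropped.
    $public    = array_values( get_post_types( array( 'public' => true ) ) );
    $requested = isset( $client_args['post_type'] ) ? (array) $client_args['post_type'] : array( 'post' );
    $requested = array_map( 'sanitize_key', array_filter( $requested, 'is_scalar' ) );
    $allowed   = array_values( array_intersect( $requested, $public ) );

    $client_args['post_type']   = $allowed ? $allowed : array( 'post' );
    $client_args['post_status'] = 'publish'; // set by the server, not by the request

    // Narrowing keys (for example a category or author filter) pass through unchanged.
    return $client_args;
}

function example_load_more_handler() {
    $raw         = isset( $_POST['args'] ) ? wp_unslash( $_POST['args'] ) : '';
    $client_args = array();
    if ( is_string( $raw ) ) {
        wp_parse_str( $raw, $client_args ); // query string parsed from client input: untrusted
    }

    $query = new WP_Query( example_harden_query_args( $client_args ) );
    wp_send_json_success( wp_list_pluck( $query->posts, 'post_title', 'ID' ) );
}
add_action( 'wp_ajax_nopriv_example_load_more', 'example_load_more_handler' );
```

A regression check for this pattern sends post_status=draft and post_type=any in the 'args' field as an anonymous user and confirms that only published posts of public types come back.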

Quick Start

Audit the site's wp_ajax_nopriv_ handlers, then apply the recommended hardening pattern to sanitize client input and limit visibility.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: wp-ajax-nopriv-visibility
Download link: https://github.com/WPDevelopers/essential-addons-for-elementor-lite/archive/main.zip#wp-ajax-nopriv-visibility

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.