July 7 2023

WordPress efficiency and speed: the risks of AJAX calls to admin-ajax.php

Identifying and Diagnosing Load and Performance Issues Related to admin-ajax.php in WordPress

Knowing how to use and optimize WordPress may seem like a small task, but there are aspects that if not managed correctly can lead to efficiency and speed problems. One example is the misuse of ad calls admin-ajax.php, a powerful tool but which, if used carelessly, can become a source of risk for your WordPress site. In this article we will analyze these risks, we will understand how to optimize the performance of your site and how to prevent your database from becoming slow.

What is AJAX

AJAX stands for Asynchronous JavaScript and XML. It is a technology that allows you to create interactive and dynamic web applications, capable of updating and modifying the content of a web page without having to reload it. This results in a smoother and more responsive user experience.

AJAX is not a programming language, but a combination of standard web technologies, such as JavaScript, XML, HTML, and CSS. While JavaScript is used to interact with HTML and create interactive features, XML is used to transport data.

What is the XMLHttpRequest

The XMLHttpRequest is an essential component in the context of web technologies, especially when it comes to AJAX. It is an object incorporated in the JavaScript language, which plays a role of fundamental importance for the implementation of AJAX functions in web applications.

Its main function is to allow the creation and sending of HTTP requests – such as GET, POST, HEAD and other HTTP methods – directly from the client side, i.e. from the user's browser, to the server. This happens without the need to reload or interrupt the user's interaction with the web page, from which the "asynchronous" attribute in the acronym AJAX derives.

But how exactly does the XMLHttpRequest work? This object starts by making a request to the server using a specific HTTP method. Once the request is ready, the XMLHttpRequest sends it to the server which then replies with the requested data. During this process, the XMLHttpRequest object maintains an open communication channel between the client and the server, allowing data to be exchanged asynchronously.

The asynchronicity of the XMLHttpRequest means that user interaction with the web application can continue uninterrupted even while the request is in progress. This allows you to create more responsive and user-friendly web applications, where operations such as loading data, updating page content or submitting forms occur almost instantaneously, without the need to reload the page.

Furthermore, the XMLHttpRequest also offers the possibility to handle responses from the server in different formats, not just XML as the name suggests. In fact, it can handle different types of data, including JSON, HTML and plain text, thus offering considerable flexibility for the development of dynamic web applications.

Aims and Benefits of AJAX

AJAX aims to make web applications faster, more interactive and user-friendly. This is accomplished by dynamically updating the page content, without the need to completely reload it.

The main benefits of AJAX include:

  1. Better Interactivity: AJAX allows you to create web applications that respond quickly and smoothly to user actions, making the user experience more similar to that of a desktop application.
  2. Less Network Traffic: Since AJAX updates only the necessary parts of the page, it reduces the volume of data exchanged between the client and the server, improving performance and reducing the load on the server.
  3. Better User Experience: Thanks to AJAX, web applications can show updated information in real time, maintain user status and offer advanced features such as form autocomplete, without the need to reload the page.

However, it's important to remember that AJAX, like any technology, has its drawbacks and should be used with caution. For example, improper use of AJAX can make navigation more complicated and decrease compatibility with search engines and browser accessibility features.

What is admin-ajax.php

Before addressing the discussion of the possible risks associated with the use of admin-ajax.php, it is essential to understand in detail what it is. The file admin-ajax.php is a key component of the WordPress system, specifically developed to handle client-side Ajax calls.

This PHP file is located in the core of WordPress, in the wp-admin directory. Although the name may suggest that it is used only for administration operations, admin-ajax.php it is actually used both in the public side (frontend) of your site, and in the administrative side (backend).

The true value of admin-ajax.php lies in its ability to perform operations in the background, without interrupting or requesting the loading of the page the user is viewing. This makes it an essential element for the interactivity of your WordPress site. For example, features like loading content asynchronously, updating a post, or submitting a comments form, are all possible thanks to admin-ajax.php.

WordPress plugin and theme developers take advantage admin-ajax.php to handle Ajax requests of their custom features. This means that when a plugin or theme needs to make a request to the server, without reloading the page, it is likely to take advantage of admin-ajax.php. The file acts as an intermediary between the user's browser and the server, handling communication and ensuring that data is sent and received correctly.

In summary, admin-ajax.php it is an integral part of the WordPress architecture, essential for implementing many dynamic features that make WordPress sites interactive and responsive. However, it is also an element that requires attention in terms of performance and security, given that improper or excessive use of admin-ajax.php can lead to server overload issues and potential security vulnerabilities.

The Risks of Calling admin-ajax.php

The use of admin-ajax.php can lead to some problems. When calls to this file increase, your server's CPU can become overloaded, leading to a decrease in the performance of your site. Also, the thoughtless use of admin-ajax.php can cause a saturation of the PHP FPM pool, which is responsible for processing your site's PHP files. As a result, your web page may take longer than normal to load.

Another risk associated with the use of admin-ajax.php is the ability to create a bypass of full page caches like Varnish. This happens because AJAX calls are not usually cached, which means that every time a user visits your page, the server has to process a new request.

Slow Database and Slow Queries

The non-optimized handling of calls to admin-ajax.php it can also lead to a slowdown of the database. This happens when requests generated by admin-ajax.php contain slow queries, i.e. queries that take a long time for the database to execute. If not handled properly, these queries can overload your database, slowing down the loading speed of your site.

Moreover, even if the SQL queries were fast enough, or even very fast, a very large number of concurrent queries would still be able to saturate the resources of the MySQL database

In short, a situation like the one above, with over 9000 connected users and over 10 page views per minute, would generate many AJAX calls, if any, and related SQL queries and PHP process spawns, making it difficult to bear the load without a significant slowdown or even a crash.

AJAX and WordPress operation

AJAX, short for Asynchronous JavaScript and XML, is a web technology that has transformed the way web pages interact with servers. Its basic principle consists in making requests to the server and receiving data in response, all in the background and without the need to reload the web page. This allows you to update portions of a page with new data, making it more dynamic and interactive.

In a system like WordPress, AJAX finds extensive use in several features. It can be used to load new comments into a post, update information in a form, or load newer posts, all without interrupting the user experience by reloading the page. This UI fluency greatly improves the end user experience.

A crucial point of implementing AJAX in WordPress is the admin-ajax.php, which as we have already mentioned, handles AJAX calls from the client side. When an AJAX action is triggered, the admin-ajax.php enters the game, processes the request and returns the appropriate response. Everything happens asynchronously, allowing the user to continue interacting with the site without interruptions.

Despite the advantages that AJAX brings in terms of interactivity and responsiveness, it is essential to keep in mind that each AJAX call generates an HTTP request to the server. This means that for each AJAX operation, the server has to dedicate resources to process the request and generate a response. This results in CPU usage and, depending on the nature of the request, may also result in a database query.

If you don't properly control and limit these AJAX requests, you can risk overloading your CPU and slowing down your site. For example, if a poorly designed or faulty WordPress plugin generates uncontrolled AJAX requests, it can cause excessive CPU usage, PHP FPM pool saturation, and database slowdown, leading to poor site performance or, in the worst case, crash of the server.

Also, since calls to admin-ajax.php bypass full page caches such as Varnish, can lead to increased load on the server. Therefore, it is essential to monitor and optimize the use of AJAX in WordPress, to ensure that the site is fast, efficient and capable of handling high user traffic.

Optimizing WordPress Performance and admin-ajax.php

Determine the source of excessive use of admin-ajax.php it can be a difficult task, but not impossible. A useful tool in this case can be the Query Monitor, a WordPress plugin that allows you to view all the AJAX requests that are performed.

By installing and activating Query Monitor, you can see what AJAX actions are being performed, what data is being transmitted, and from which part of your WordPress site the request is being made. If you notice an unusually large number of AJAX requests, you should look for the plugin or theme responsible.

Another method is to look at the web server logs: many times the requests to admin-ajax.php are logged, making it easy to identify the culprits.

Finally, you can use tools like the network inspector in your browser to monitor HTTP calls and identify which ones go to admin-ajax.php. These combined methods should help you isolate the problem and find the source of the overuse of admin-ajax.php.

Cache admin-ajax.php

While AJAX calls in WordPress are not cached by default, there are cases where it might be beneficial to consider caching some of these calls. The reasoning behind this concept is based on the nature of the requests you are making and whether or not you need to have a real-time response.

POST requests, which send data to the server for processing, should not be cached. These requests often involve data changes on the server and require a real-time response to ensure proper site functionality.

On the other hand, GET-type requests, which fetch data from the server, can be ideal candidates for caching. These requests are often used to retrieve data that doesn't change frequently or doesn't require real-time updating. For example, a page view counter, a comment list on a post, or a news feed might not need immediate updates.

Caching these GET requests can significantly reduce the load on your server, since the requests don't have to be processed every time. Instead, the response can be cached for a certain period of time, reducing the number of requests to the server and improving overall site performance.

However, it is important to be careful not to cache these requests for too long. If data changes and the cache is outdated, users may see outdated information. An ideal balance can be achieved by setting a reasonable caching period, such as a few minutes, to ensure that the data is fresh enough but requests to the server are kept to a minimum.

Remember, the decision to cache AJAX calls should be made based on the specific needs of your site and the characteristics of your AJAX requests. In some cases, it may not be necessary or even counterproductive. But in many scenarios, applying intelligent caching to AJAX calls can lead to significant performance improvements.


In conclusion, the use of admin-ajax.php in WordPress is a double-edged sword. On the one hand, it offers many possibilities to improve the interactivity of your site. On the other hand, if not used properly, it can lead to efficiency and speed problems.

To avoid this, it is essential to monitor and optimize the performance of your site, limit the number of Ajax calls and optimize your database. Remember that a fast and efficient site not only provides a better experience for your users, but can also improve your search engine rankings.

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.


Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.


Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.


Would you like to see how your WooCommerce runs on our systems without having to migrate anything? 

Enter the address of your WooCommerce site and you will get a navigable demonstration, without having to do absolutely anything and completely free.

No thanks, my customers prefer the slow site.
Back to top