If you’ve ever used the force SSL admin/login configuration in WordPress with a self signed SSL certificate and are then using admin-ajax.php for processing ajax requests on the front end you *might* have noticed the ajax functionality breaks for non logged-in users.
When a user typically visits a page using self signed SSL certificate the users web browser will typically pop up an alert window exclaiming the the websites certificate is invalid and require the user to manually choose whether or not to continue (and save the decision for later visits).
In the case of an ajax request, if the user hasn’t previously visited a page on the site using https and has not already chose to continue using the site anyway, the user doesn’t get the chance to choose to continue so the request fails.
To get around this you’ll typically need to either:
- Fork out the dollars for a non self signed / verified SSL that doesn’t need to manually approved;
- Disable the force ssl admin/login configuration (which I wouldn’t recommend if you have previously made the decision to use it); or
- You can update your code to point to the non-ssl (http) url for the admin-ajax.php script. Depending on how the admin-ajax.php script is referenced it might be as simple as changing “https” to “http” in a string or in cases where the admin_url() function is used you can set the scheme parameter to “http” e.g.
admin_url( 'admin-ajax.php', 'http' );