EDGARROJAS on "[Plugin: Forms easily built with Smart Forms] Greate experience, while vulnerable somehow"

it owns a greate experience for my newly built website, while, when I block my wp-admin page for some security reason, I found that, the forms post request were also blocked. Because the request url contains something like ** admin-ajax.php ... **. But why the frontend should request something to backend admin, and how to avoid it?

Hello!

Thanks for your review =).

Regarding the admin-ajax.php that is a general wordpress page that is used by any plugin to do ajax requests (which are like requests to the website without the need of refreshing the page, in my case in the front end it is used to save the form information).

Although the name of the page has the word 'admin' it doesn't mean that it is doing back end admin/insecure requests, it is perfectly fine and secure (and actually is a best practice to use it) to do request to that page from the front end.

Here are a couple of links that could help in case you want to lea more about admin-ajax:
http://code.tutsplus.com/articles/more-tips-for-best-practices-in-wordpress-development--cms-21013
https://codex.wordpress.org/AJAX_in_Plugins

Hope this helps but if it doesn't please let me know =) (by creating a support ticket here please: smartforms.uservoice.com)

Regards.