In past articles I have shared with you what I consider the Top 5 WordPress Plugins for Shared Hosting, but I must admit that I forgot about this one. It was only after assisting customers from Site5 that I remembered that I had forgotten to add this important plugin as it causes severe damage sometimes.

What is the admin-ajax.php on WordPress?

It’s the file behind what is called the WordPress Heartbeat API, which WordPress uses to communicate between the web browser and the server. It’s used for tasks such as user session management and auto-saving.

In layman’s terms, it is the file that allows WordPress to save automatically while we are writing posts or pages, along with other related tasks. It helps WordPress keep track of what is happening on the Dashboard. For this, the WordPress Heartbeat API calls this file every 15 seconds to auto-save posts and to provide other useful information, like what your fellow administrators and authors are working on at that moment.

Unfortunately, WordPress sometimes begins to send excessive requests to admin-ajax.php, which can cause high CPU usage. This is something you need to avoid, especially if you are on a shared hosting account. For instance, leaving a web browser open on the WordPress Dashboard could be a potential issue.
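To check whether this polling is really the source of the load, you can count POST requests to admin-ajax.php per client in the web server access log. The script below is an added example, not part of the original post: it assumes a log in the common "combined" format, uses constructed sample lines, and its function names and thresholds are illustrative. The access log records only the URL, not the POST body, so it counts every admin-ajax.php POST rather than Heartbeat calls alone.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

TARGET = "/wp-admin/admin-ajax.php"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def _line(ip, hhmmss, method="POST", path=TARGET):
    """Build one constructed log line in combined format (not real traffic)."""
    return (f'{ip} - - [12/Mar/2024:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" 200 58 "-" "Mozilla/5.0"')

# Constructed sample: one client polling every 15 s, one every 60 s, one page view.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.10", f"10:0{s // 60}:{s % 60:02d}") for s in range(0, 75, 15)]
    + [_line("198.51.100.7", f"10:0{m}:05") for m in range(4)]
    + [_line("192.0.2.44", "10:00:09", "GET", "/")]
)

def ajax_polling(log_text, min_hits=4):
    """Return {ip: (hits, median_gap_seconds)} for clients with >= min_hits POSTs."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, method, path = m.groups()
        if method == "POST" and path.split("?", 1)[0] == TARGET:
            times[ip].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
    report = {}
    for ip, seen in times.items():
        if len(seen) < min_hits:
            continue
        seen.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(seen, seen[1:])]
        report[ip] = (len(seen), median(gaps))
    return report

def likely_heartbeat(report, max_gap=20):
    """Clients whose median gap is at or below roughly the 15-second default."""
    return sorted(ip for ip, (_, gap) in report.items() if gap <= max_gap)

if __name__ == "__main__":
    for ip, (hits, gap) in sorted(ajax_polling(SAMPLE_LOG).items()):
        print(f"{ip}: {hits} POSTs, median gap {gap:.0f}s")
```

Running it again after raising the interval should show the median gap for logged-in clients move from about 15 seconds toward the value you configured.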

How can I fix the WordPress Heartbeat API vulnerability?

It’s as simple as installing a plugin: the Heartbeat Control WordPress plugin. But let me guide you step by step on this path just in case you need some visual guidance 🙂

Installation instructions:

  1. Log in to your WordPress Dashboard, for instance if your WordPress website is, then you would go to or, please bear in mind that you will need to replace with your actual domain name.
  2. Once you are logged in to your Dashboard, go to Plugins and then click on Add New.
  3. On the Add New page, go to the input box, type Heartbeat Control, and then press the Enter key on your keyboard to search the WordPress Plugin directory.
  4. On the results page, the proper plugin should be the first result. Make sure that the plugin developer name is JeffMatson. Now click on the Install Now button to install it on your website.
  5. You will be sent to a new page where WordPress will download the plugin from the website and install it for you. So sit back and relax.
  6. Now you will be sent to the Dashboard >> Plugins page, where you will see a list of all the installed plugins. Look for Heartbeat Control and click on Activate Plugin.

What now? Relax, this was just the installation phase. But this one was better than the installation instructions of the plugin itself.

Set up the Heartbeat Control plugin

  1. First go to WordPress Dashboard >> Tools >> Heartbeat Control.
  2. On the Heartbeat Control page you will see 2 dropdown boxes. The very first one allows you to disable the WordPress Heartbeat API on the entire website or on specific locations. This part really comes down to how you want to handle it, since the autosave feature, at least for me, is pretty useful; you will have to decide whether you want to completely disable the WordPress Heartbeat API or just allow it to run on some locations.
  3. The 2nd dropdown menu allows you to specify how often the WordPress Heartbeat API makes a request to admin-ajax.php. My suggestion is to set this to at least 60 seconds instead of 15; that will relieve some stress and CPU time from your account.
  4. When you are ready and done, please click on Save Changes.

Voila! Now you have relieved some resources on your account, and if you are a Site5 customer, your Resource Points will decrease 🙂

Below I’m sharing the video tutorial from the folks from WPBeginner:

What about you guys, have you ever had issues with admin-ajax.php?

Published by Sal Aguilar

IT Pro that focuses on solving problems and providing solutions for customers.
