Skip to content
Roots
  • Home page
  1. Blog

WordPress REST API vs admin-ajax.php: The Modern Choice

Ben Word Ben Word

We’re still coming across newly written code from WordPress developers that use admin-ajax.php for AJAX requests. The WordPress REST API was released almost ten years ago and it’s faster, more secure, and significantly easier to work with.

The problem with admin-ajax.php

admin-ajax.php is a legacy system that predates the REST API. While it still works, it comes with drawbacks:

  • Performance: It loads the entire WordPress admin environment on every request, even when you don’t need it
  • No HTTP verb support: Everything goes through POST, making endpoints less semantic
  • Limited structure: Actions are just strings with no built-in routing or parameter validation

According to Delicious Brains’ performance testing, REST API endpoints can be significantly faster than admin-ajax.php because they bypass unnecessary admin overhead.

Using the REST API

Here’s a complete example showing how clean REST API code can be:

register_rest_route('app/v1', '/endpoint', [
    'methods' => 'GET',
    'callback' => 'callbackFunction',
    'permission_callback' => fn () => current_user_can('manage_options'),
]);

public function callbackFunction() {
    return ['status' => 'ok', 'message' => 'It works!'];
}

fetch('/wp-json/app/v1/endpoint', {
    method: 'GET',
})
.then(response => response.json())
.then(data => {
    console.log('Success:', data);
})
.catch(error => {
    console.error('Error:', error);
});

Why the REST API is better

Built-in Security: The permission_callback is required, forcing you to think about security upfront

True RESTful Design: Use proper HTTP methods (GET, POST, PUT, DELETE) that match your intent and your API becomes self-documenting

Better Performance: No admin overhead means faster responses and lower server load

Modern Standards: REST APIs are industry-standard, making your code more familiar to developers and easier to integrate with external tools

Automatic Discovery: WordPress automatically documents your endpoints at /wp-json/, making testing and integration simpler

When to use each

REST API: Everything. New projects, new features, any AJAX functionality.

admin-ajax.php: Only when maintaining legacy code where refactoring isn’t justified.

Making the switch

The WordPress REST API has been part of core since version 4.7 (released in 2016). There’s no reason to keep building with admin-ajax.php. The REST API is faster, more secure, and follows modern web standards.

For a comprehensive guide on using the REST API, check out the official WordPress tutorial.

Treat admin-ajax.php like you’d treat jQuery: legacy code that shouldn’t appear in new projects.

Discuss this post on Roots Discourse

About the author

Ben Word

Ben Word has been creating WordPress sites since 2004. He loves dogs, climbing, and yoga, and is passionate about helping people build awesome things on the web.

Subscribe for updates

Join over 8,000 subscribers on our newsletter to get the latest Roots updates and tips on building better WordPress sites

Looking for WordPress plugin recommendations, the newest modern WordPress projects, and general web development tips and articles?

One last step! Check your email for a verification link.