Data gathering bug when admin in HTTPS?

  • Resolved fesarlis

    (@fesarlis)


    10 years, 6 months ago

    Hello all.

    I would like to report an issue I have just discovered.

    I use WP 3.9.

    SlimStat does not gather data in the following scenario:

    1. WP admin interface is forced via SSL (FORCE_SSL_ADMIN).
    2. SSL access is allowed only for specific IPs.

    I think that the reason for this can be found by examining the homepage (or any other page)’s source code:

    var SlimStatParams = {"ajaxurl":"https:\/\/www.mydomain.com\/wp-admin\/admin_ajax.php","ci":".......................

    In my case, this URL is not accessible from the client’s view. Disabling WP SSL admin and re-saving SlimStat settings solved the issue.

    To sum up:
    I usually do not need to provide access to admin-ajax.php. In this case it is needed. I wonder if SlimStat can overcome this. As I write, I realize that this is not exactly a bug (nor an issue related to SSL – I guess SSL was just the way to discover it), but I think many people would prohibit access to admin_ajax.php, and would have the same problem. . Even more, if restricted HTTPS is enforced via a firewall and not web server rules, this is getting even more difficult to adjust.

    Please forgive me if not being clear enough. Would be happy to provide extra info if requested.
    Thanks

    https://www.ads-software.com/plugins/wp-slimstat/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Jason Crouse

    (@coolmann)

    Hi,

    it’s clearly stated in our FAQs that access to admin-ajax.php is required in order for the Javascript tracker to work as expected. I don’t think that poses a security issue, as you can read here:

    https://codex.www.ads-software.com/AJAX_in_Plugins

    However, you can disable this feature in SlimStat by choosing “Server-side” as Tracking Mode (Settings > General) and Enable Spy Mode to “No”.

    A vote for SlimStat would be a nice way to say thank you!

    Thread Starter fesarlis

    (@fesarlis)

    Thank you.
    Would ‘server-side’ work with Quick Cache plugin?

    Plugin Author Jason Crouse

    (@coolmann)

    No.

    Thread Starter fesarlis

    (@fesarlis)

    I’ve given my feedback. Thanks for the support.

    What do you mean it doesn’t work? I have made the changes you suggested above and now SlimStat collects traffic as expected. Quick Cache is enabled.

    Plugin Author Jason Crouse

    (@coolmann)

    Oh, interesting. Other users had told me it didn’t ?? Good to know!

    Thread Starter fesarlis

    (@fesarlis)

    I regret to inform you that something is still wrong.

    1. I enabled server-side tracking
    2. Cleared my cache
    3. Cleared any browser local cache

    I still see this in the source code:

    var SlimStatParams = {“ajaxurl”:”https:\/\/www.mydomain.com\/wp-admin\/admin_ajax.php”,”ci”:”…………………..

    Plugin Author Jason Crouse

    (@coolmann)

    You have another plugin telling SlimStat to use SSL for its URLs.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Data gathering bug when admin in HTTPS?’ is closed to new replies.