Hummingbird Outputting Admin URL in Code

  • Resolved Fibro Jedi

    (@fibrojedi)


    2 years, 5 months ago

    Hi there,

    So I have a custom WP admin URL for security reasons, which should, in theory, be undiscoverable.

    However, a recent brute-force attempt made me re-look at my site’s output HTML. It seems Hummingbird outputs the admin-ajax URL in publicly-viewable source code:

    <script type="text/javascript" id="wphb-global-js-extra">
/* <![CDATA[ */
var wphbGlobal = {"ajaxurl":"https:\/\/fibrojedi.me.uk\/adminurl\/admin-ajax.php","nonce":"b1ebeb0670"};
/* ]]> */
</script>

    Please could you consider obfuscating this URL or processing this differently so that admin URL cannot be discovered this way?

    Thanks,

    FJ

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Fibro Jedi

    (@fibrojedi)

    Actually, ignore this. I <b>think</b> that code was only outputting when logged in now I have recleared caches. I’ll mark as resolved so you can ignore me. Thanks.

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    HI @fibrojedi

    I hope you’re well today!

    I’m glad to know that you got that solved and thanks for letting us know.

    If you ever need any other support or have any other questions to us, please don’t hesitate to ask and we’ll do our best to assist you.

    Best regards,
    Adam

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Hummingbird Outputting Admin URL in Code’ is closed to new replies.