• Hi there,

    I noticed on my site for non-logged in users, all search queries return “no naughty busisness here” but the search query works for logged in users. I tracked this error message to the process.php file on line 170

    if(isset($formid) && wp_verify_nonce($nonce, 'ajaxwpsfsearch')){

    When I remove the wp_verify_nonce part, it works. I’m not sure if this will leave the site open to vulnerabilities though. Any ideas on what could be happening here?

    Many thanks,

    Erin

    https://www.ads-software.com/plugins/ajax-wp-query-search-filter/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author TC.K

    (@wp_dummy)

    Normally it will not have this message on search. That means there is something wrong with your WP creating the nonce. Do you have any cache plugin on your site? Have you tried the search in a different browser? If it works in a different browser (with a non-logged-in user), it is probably a cache problem.

    Disabling the nonce check does not mean you will be vulnerable to attack. The ajax search actually fires wp_query, which is the WP class used to query the database. wp_query itself has enough security when querying the database, but who knows, there are geniuses out there able to crack this code. So, to be safer, I added the nonce check into the plugin.

    It’s better not to remove it, though. If you can, try to solve the problem without editing the plugin core file.

    Thread Starter erin814

    (@erin814)

    Okay thanks for the quick reply. I thought it was the caching also and I did have WP Super Cache installed but I deactivated it and deleted the cache and it still didn’t work. I tried on all major browsers and still no luck (FF, Chrome, IE, Safari, Opera). I also tried deactivating my other plugins one by one and it didn’t resolve it.

    I’m going to keep plugging away at it and will post if I figure it out, in case anyone else comes across this.

    Thanks

    no luck?

    Thread Starter erin814

    (@erin814)

    I wasn’t able to find a solution so I just removed the bit of code as mentioned above. Since the author does not think this will make the site vulnerable, it seemed like I could maybe get away with it. I also have other security plugins and regular backups of the site just in case.
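
One way to find out why the check on the `ajaxwpsfsearch` action fails for logged-out visitors without editing process.php, as an added example that is not code from the plugin or from anyone in this thread. It assumes WordPress 4.4 or later (for the core `wp_verify_nonce_failed` hook); the file name and the `[nonce-debug]` log prefix are made up for illustration.

```php
<?php
/**
 * Added diagnostic example. Save as wp-content/mu-plugins/nonce-debug.php
 * (hypothetical file name) and remove it once the cause is known.
 *
 * Core fires 'wp_verify_nonce_failed' only when a NON-EMPTY nonce matches
 * neither the current nor the previous tick. If the search still fails and
 * nothing is logged, the nonce reached wp_verify_nonce() empty, which points
 * at the form or the JavaScript not sending it rather than at caching.
 */
add_action( 'wp_verify_nonce_failed', function ( $nonce, $action, $user, $token ) {
    if ( 'ajaxwpsfsearch' !== $action ) {
        return; // Only the action named in the thread.
    }

    $uid = isset( $user->ID ) ? (int) $user->ID : 0;

    // For logged-out visitors core lets other plugins replace uid 0 through
    // this filter. If a plugin returns a per-visitor value here, a nonce
    // printed into a shared or cached page cannot verify for anyone else.
    $nonce_uid = $uid ? $uid : apply_filters( 'nonce_user_logged_out', 0, $action );

    // The value WordPress would issue right now for this visitor and action.
    $expected = wp_create_nonce( $action );

    $referer = isset( $_SERVER['HTTP_REFERER'] )
        ? esc_url_raw( wp_unslash( $_SERVER['HTTP_REFERER'] ) )
        : '-';

    error_log( sprintf(
        '[nonce-debug] action=%s uid=%d nonce_uid=%s submitted=%s expected_now=%s tick=%s session_token=%s referer=%s',
        $action,
        $uid,
        sanitize_text_field( (string) $nonce_uid ),
        sanitize_text_field( (string) $nonce ),
        $expected,
        (string) wp_nonce_tick(),
        '' !== (string) $token ? 'present' : 'none',
        $referer
    ) );
}, 10, 4 );
```

If `submitted` stays the same across visitors while `expected_now` differs, the page carrying the nonce is being served from a cache (plugin, host or CDN); a `nonce_uid` other than 0 for a logged-out visitor means another plugin is changing the nonce's user component.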

  • The topic ‘Search result returning "no naughty busisness here" for non-logged in users’ is closed to new replies.