auth1299
Forum Replies Created
-
For Plugin Author:
By the way I can passivly detect your plugin on all wordpress sites. Your plugin should not show any trace until you get to the page that shows the map. You may want to look into that. It may just be some sloppy coding. This gives hackers an edge when vulnerabilities are found in your code.
The only people having this issue are smart enough to protect the admin folder on there wordpress site.
Here is the issue. It’s best practice to protect your wp-admin directory with OS authentication (windows or linux). This way you have to authenticate to the OS before even being able to get to the admin logon screen. The wp-admin-ajax.php file needs client access to it. This is a bad design flaw in wordpress. Why would wordpress put a client access file in the admin directory? I’m going to avoid long discussion on this cause it doesn’t make sense. It should have been put in the root of the site in my opinion.
Solutions:
* plugin developer: put your own wp-admin-ajax.php file with in the plugin directory and point your java or ajax scripts to this directory instead if possible.
* Hosting Admin: Allow anonymous authentication to this one file in the wp-admin directory that is other wise protected with OS authentication access.
You can also block access to the wp-admin directory using the .htaccess file on linux hosting and the web.config file in windows hosting. If that’s the case you will need to exclude this file so end users accessing the site can gain access to this poorly placed file.
The following fixed my issue. It took me a while to figure out.
Make sure you can access https://your-domain.com/wp-admin/admin-ajax.php from a browser. Replace (your-domain.com) with your website domain address. If you get denied access to this file, you need to enable access to this one file under the wp-admin folder. Check your .htaccess file or web.config file if hosting on windows and or directory authentication for the /wp-admin/ folder. The map uses client side ajax calls to this file to download the map locations.
Forum: Plugins
In reply to: [Advanced Automatic Updates] Does not work on windows serverThat idea didn’t work. I have one plugin update available and it did not updates it after running the wp-cron.php file.
Forum: Plugins
In reply to: [Advanced Automatic Updates] Does not work on windows serverI can schedule windows to automatically execute that wp-cron.php file. Do you think that is all that is needed?
Forum: Plugins
In reply to: [Advanced Automatic Updates] Does not work on windows serverWhere is the wp-cron file located?
I am running version 1.9.2
Forum: Plugins
In reply to: [CalculatorPro Calculators] [Plugin: CalculatorPro Calculators] errorWhat’s the fix? I’m still having the same issue.