
Dave's WordPress Live Search
Live search only works when logged in as Admin (8 posts)

  1. Fanaticweb
    Member
    Posted 2 years ago #

    Hi there, great plugin, although I noticed it only worked when I'm logged in as an Admin and testing it, if logged in as a user or just a visitor, it doesn't work, just a spinning icon, any recommendations??

    I do have my htaccess file redirecting all users from accessing the wp-admin except for the administrator, could that be why??

    If so, any alternatives?? I have no choice but to block wp-admin folder since the theme I'm using doesn't offer built-in Back-office access restrictions

  2. Fanaticweb
    Member
    Posted 2 years ago #

    Hi, forgot to mention also that I'm using the plugin "Search everything" in parallel with your plugin, just in case this might be causing a conflict

  3. Dave Ross
    Member
    Plugin Author

    Posted 2 years ago #

    My plugin uses WordPress's standard, supported AJAX API, which requires me to send requests to wp-admin/admin-ajax.php. You need to either remove your .htaccess restriction on wp-admin or make an exception for admin-ajax.php, or else this and other AJAX plugins will break.

  4. Fanaticweb
    Member
    Posted 2 years ago #

    Hi Dave,

    I made a mistake, the wp-admin restriction is declared in the theme's functions.php file and not in the htaccess file, meanwhile, I tried adding the following in the htaccess file to no avail:

        #allow admin-ajax access
        <files wp-admin/admin-ajax.php>
        Order allow,deny
        allow from all
        Satisfy any
        </files>

    My functions.php file has:

        // block WP admin access
        function prevent_admin_access() {
            // Matches any request whose URI contains /wp-admin, including admin-ajax.php
            if (strpos(strtolower($_SERVER['REQUEST_URI']), '/wp-admin') !== false && !current_user_can('administrator')) {
                wp_redirect(get_option('siteurl'));
                exit; // wp_redirect() only sets the header; stop here so the redirect takes effect
            }
        }

        add_action('init', 'prevent_admin_access', 0);

    I went on to the link you provided in one of your replies (http://www.nkuttler.de/post/htaccess-protect-wordpress-admin) and I couldn't figure out how else to enable the access to the ajax-admin file.

    I would really appreciate any feedback or help on this one to justify the activation of your plugin.

  5. Dave Ross
    Member
    Plugin Author

    Posted 2 years ago #

    Sounds like you need to get in touch with the person/people who made your theme. Nothing you put in .htaccess can override that kind of restriction, because functions.php is run well after .htaccess.

    This kind of setup will cause problems for any plugin which does AJAX calls "by the book". I'm sure they'll want to get that addressed in the next version of the theme. Feel free to have them get in touch with me if they need details (dave@davidmichaelross.com).

  6. Dave Ross
    Member
    Plugin Author

    Posted 2 years ago #

    This might help make the case to the plugin author(s) about fixing their restrictions: http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin

    Adding server-side password protection to /wp-admin/ adds a 2nd layer of protection around your blog's admin area, login, and files. This forces an attacker or bot to attack this 2nd layer of protection instead of your actual admin files. Most of the time WordPress attacks are carried out autonomously by a malicious software bot. But simply securing the wp-admin/ directory might also break some WordPress functionality, because the Ajax handler wp-admin/ajax-admin.php and other files can't be accessed without the password. See the #Resources section for more documentation on how to password protect your wp-admin/ directory properly.

  7. Fanaticweb
    Member
    Posted 2 years ago #

    Dave, thank you very much for your feedback and research on this matter, I'll definitely address it to the developer, he's usually very prompt on updating the theme, at first I was sure it was a syntax error in my htaccess in regards to pointing to the ajax file, I was hoping to find the extra code to place in the functions.php file to allow the access to the sub-folder of wp-admin, but I guess not.

    I'm a newb, hope you figured that much, but I like to dig in and learn this stuff, very interesting.

    On a side note, GREAT plugin by all means!

  8. Fanaticweb
    Member
    Posted 2 years ago #

    Dave, I got it to work finally by installing a plugin (wp admin block) which allowed access to your plugin's required file calling hence me removing the manual code that I had added in the functions file that restricted the wp-admin access, A1! :)

Topic Closed

This topic has been closed to new replies.
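
One way a theme's functions.php could keep non-administrators out of the dashboard without blocking wp-admin/admin-ajax.php, which is the conflict discussed in this thread. This is an added example, not code from the thread, the theme or the plugin; the function names and the `example_save_note` action are hypothetical, and it assumes WordPress 4.7 or later.

```php
<?php
// Added example for a theme's functions.php. Function names and the
// 'example_save_note' action are hypothetical, not from the thread.

// Keep non-administrators out of the dashboard, but let AJAX through.
function example_restrict_dashboard() {
    // admin-ajax.php defines DOING_AJAX before admin_init fires; front-end
    // plugins call it for ordinary users and logged-out visitors.
    // wp_doing_ajax() requires WordPress 4.7 or later.
    if ( wp_doing_ajax() ) {
        return;
    }
    // 'manage_options' is a capability held by administrators; checking a
    // capability is preferred over checking a role name.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_safe_redirect( home_url() );
        exit; // wp_safe_redirect() does not stop execution by itself
    }
}
// admin_init fires only for requests served from wp-admin/, so no
// substring match on REQUEST_URI is needed.
add_action( 'admin_init', 'example_restrict_dashboard' );

// With admin-ajax.php reachable by everyone, each handler has to do its
// own authorization. A handler that changes data checks a nonce and a
// capability before acting.
function example_save_note() {
    check_ajax_referer( 'example_save_note', 'nonce' ); // dies on a bad nonce
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $note = isset( $_POST['note'] )
        ? sanitize_text_field( wp_unslash( $_POST['note'] ) )
        : '';
    update_user_meta( get_current_user_id(), 'example_note', $note );
    wp_send_json_success();
}
// Registered for logged-in users only; there is deliberately no
// wp_ajax_nopriv_example_save_note hook.
add_action( 'wp_ajax_example_save_note', 'example_save_note' );
```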
