My Store Locator Plus locations are not showing on map

Viewing 15 replies - 1 through 15 (of 18 total)
  • Same with me, just started today after the upgrade.

    I fixed mine like this: I had reinstalled the plugin and then imported the table of locations into the database with phpMyAdmin, but nothing was showing up. So then I added a fake location through the WP Admin page and somehow that triggered the plugin to see everything. Then I deleted the fake location. All good.

    I'd like to try that, but when you added the fake location through the WP admin,
    do you mean adding a new location in the Store Locator Plus plugin or somewhere else in the WP admin?

    Let me know.

    Thank you

    Plugin Author Store Locator Plus


    What version did you update from? To?

    This should not happen and did not appear on my test sites ( and which are my final “production tests” for SLP.

    VNH is on SLP 3.7.1 using the regular WordPress update, no special “trickery” on this end.

    My store locator has suddenly stopped displaying search results after the upgrade BUT I am running WP-Members as well and if you are logged in it works but if you are NOT logged in it does not work… the page is NOT restricted and worked perfectly before upgrading to 3.7.3 – any clues what I should do? the site is

    Location markers are not showing on the map immediately, or after a search on map. Being logged in or not makes no difference.

    UPDATE: Got it working – check to make sure the home and destination icon folder locations are correct. I migrated my site from a development server, and the locations still pointed there. When I changed them to the correct server and folder, the location markers popped right back up.

    Plugin Author Store Locator Plus


    @lbyleveld – you have a security issue on your WordPress installation or on the server itself. This has nothing to do with the SLP plugin.

    “NetworkError: 403 Forbidden –

    The upgrade to 3.7.3 would not have changed this other than the fact that the system-level file permissions would revert back to their default setting. My guess is someone enabled access to the plugin files when you first installed. Either that or your system security has changed between the initial install and your recent update to 3.7.3.

    Thanks for the quick response, I really appreciate it. I will look at the permissions…

    The following fixed my issue. It took me a while to figure out.

    Make sure you can access from a browser. Replace ( with your website domain address. If you get denied access to this file, you need to enable access to this one file under the wp-admin folder. Check your .htaccess file, or web.config file if hosting on Windows, and/or directory authentication for the /wp-admin/ folder. The map uses client-side AJAX calls to this file to download the map locations.

    Plugin Author Store Locator Plus


    @auth1299 – thanks for sharing. I didn’t realize you could have access to the main site but have the built-in WordPress AJAX handler restricted.

    The plugin specifically uses JSONP (v. XML) to reduce possible cross-domain and other security issues, but I guess there must be another level of security we need to know about.

    What did you do to fix your problem? Change permissions on the PHP file at the file access level? An HTTP config change? An .htaccess change?

    Here is the issue. It’s best practice to protect your wp-admin directory with OS authentication (Windows or Linux). This way you have to authenticate to the OS before even being able to get to the admin logon screen. The wp-admin-ajax.php file needs client access to it. This is a bad design flaw in WordPress. Why would WordPress put a client access file in the admin directory? I’m going to avoid a long discussion on this because it doesn’t make sense. It should have been put in the root of the site in my opinion.


    * Plugin developer: put your own wp-admin-ajax.php file within the plugin directory and point your java or AJAX scripts to this directory instead if possible.

    * Hosting admin: allow anonymous authentication to this one file in the wp-admin directory that is otherwise protected with OS authentication access.

    You can also block access to the wp-admin directory using the .htaccess file on Linux hosting and the web.config file on Windows hosting. If that’s the case you will need to exclude this file so end users accessing the site can gain access to this poorly placed file.

    The only people having this issue are smart enough to protect the admin folder on their WordPress site.

    For Plugin Author:

    By the way, I can passively detect your plugin on all WordPress sites. Your plugin should not show any trace until you get to the page that shows the map. You may want to look into that. It may just be some sloppy coding. This gives hackers an edge when vulnerabilities are found in your code.
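
Added example, not part of the original thread and not code from WordPress or the Store Locator Plus project: a `wp-admin/.htaccess` that keeps HTTP authentication on the admin directory while exempting the AJAX handler discussed in the post above, which ships in WordPress as `wp-admin/admin-ajax.php`. It assumes Apache 2.4 with Basic authentication; the `AuthUserFile` path and realm name are placeholders.

```apache
# wp-admin/.htaccess  (constructed example, Apache 2.4 syntax)

# Blanket protection: every request under /wp-admin/ must present
# HTTP Basic credentials before WordPress is reached at all.
# With only this section in place, anonymous front-end AJAX calls
# are refused as well, so the map receives no location data.
AuthType Basic
AuthName "WordPress admin"
# Placeholder path: keep the password file outside the web root.
AuthUserFile /path/outside/webroot/.htpasswd
Require valid-user

# Exemption: anonymous visitors may reach the AJAX handler only.
# Everything else in the directory still requires credentials.
<Files "admin-ajax.php">
    Require all granted
</Files>

# Apache 2.2 form of the same exemption:
# <Files "admin-ajax.php">
#     Order allow,deny
#     Allow from all
#     Satisfy any
# </Files>
```

After the change, a logged-out request for the handler should be answered by WordPress itself, while the other files in `/wp-admin/` still return an authentication challenge.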

    Plugin Author Store Locator Plus


    @auth1299 – turn off Force Load JavaScript. That setting is on by default and is, sadly, required because I have found over 20% of the themes out there are NOT WordPress 3.3 compliant or do not follow best practices for loading JavaScript.

    I don’t like having SLP pre-load, but if I don’t then 20% of the users think the plugin doesn’t work. In the current mode less than 5% of the sites have problems.

    The BEST way to use SLP is to turn OFF Force Load JavaScript. That will prevent the scripts from loading unless needed (when the SLP shortcode has been rendered).

    As far as making a copy of our own version of the AJAX listener, that is NOT a good idea. There are a TON of threads about not doing stuff like that, including your own copies of jQuery, and a whole slew of other bad practices. Yes, WordPress has security holes but it is much tighter than most other web apps and the core team works hard to close those holes where possible.

    As for securing the login I’ve recently been adding Google Authenticator to all my client sites and my own sites. Not perfect but much better than a wide-open password based access. Especially when you have to leave the AJAX listener open.

    BTW, if you REALLY want to get creative with security, create a list of valid plugins in the header of the AJAX listener and filter it through active plugins. If the plugin is not on the approved list, drop to a 404. That is way beyond the scope of this plugin but may be a cool idea for a “harden WP” plugin. That along with moving wp-config.php and making sure ALL references to the *thumb php files have been updated (there is a well published exploit out there that lets hackers get into your command line if you have the older *thumb code).

    Thanks for sharing the info.
