Support » Plugin: kk Star Ratings » Suggestion: don't make calls to wp-admin

  • Resolved Ruben.cc

    (@rubencc)


    When trying to further secure my site by protecting the wp-admin area using .htaccess, I came across the problem that regular visitors also got a password prompt while loading my site.

    After a short period of troubleshooting this seemed to be caused by kk Star Ratings.

    For reasons unknown to me (I’m not a plugin guru) kk Star Ratings is making calls to wp-admin/admin-ajax.php which results in password prompts for sites that protected the wp-admin area. Out of 30+ plugins I use, only kk Star Ratings is doing this.

    I’m trying to solve this myself by placing a copy of the admin-ajax.php inside the plugin folder itself and modifying the files that call it (index.php and admin.class.php) but maybe it would be a good idea to change this in future releases because calling inside wp-admin might also collide with various protection plugins in the WordPress repository.

    Just a suggestion, really love this plugin! 😉

    http://wordpress.org/plugins/kk-star-ratings/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Kamal Khan

    (@bhittani)

    Yes, people are concerned with this issue, although WordPress provides this feature for AJAX calls.

    I will look into an in-built AJAX solution in the future.

    Thanks

    Thread Starter Ruben.cc

    (@rubencc)

    Well, it’s not that I’m that concerned with making calls to the ajax routine but I like to secure my site by blocking the wp-admin folder using .htaccess. Unfortunately that method also results in regular visitors being prompted for a password whenever a page calls something inside this wp-admin folder.

    Like I wrote, easily solvable by making a copy of the admin-ajax.php outside wp-admin and modifying the scripts that call it. But I feel that not everyone might be into PHP enough to make such modifications.

    It would be a shame if people cannot or will not use your add-on because it collides with another plugin. I know there are security plugins out there that also block the wp-admin by creating an .htaccess file.

    Inexperienced users might not understand why your plugin and some security plugin won’t function together let alone how to solve this and then probably choose to just not use either your plugin or the security plugin. 🙂

  • The topic ‘Suggestion: don't make calls to wp-admin’ is closed to new replies.
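
An added example, not part of the thread and not the plugin's code: the conflict described above can also be handled in the wp-admin/.htaccess file itself, by keeping the password prompt on the directory and exempting only admin-ajax.php, which WordPress exposes for front-end AJAX calls. It assumes Apache 2.4 with mod_authz_core and .htaccess overrides enabled; the AuthUserFile path and realm name are placeholders.

```apache
# wp-admin/.htaccess  (added example; Apache 2.4 syntax assumed)

# --- Blanket protection, as described in the thread ---------------------
# Every request under wp-admin/ must present HTTP Basic credentials.
# On its own this also challenges front-end visitors, because plugins
# such as kk Star Ratings send their AJAX requests to
# wp-admin/admin-ajax.php.
AuthType Basic
AuthName "Restricted area"
# Placeholder path: keep the password file outside the web root.
AuthUserFile /path/outside/webroot/.htpasswd
Require valid-user

# --- Exemption for the public AJAX endpoint -----------------------------
# <Files> sections are merged after the directory-level directives, and
# with the default "AuthMerging Off" the Require below replaces
# "Require valid-user" for this one file only. Everything else in
# wp-admin/ still prompts for a password.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

With this in place, an unauthenticated request to wp-admin/admin-ajax.php should no longer return 401, while wp-admin/ itself still does. The endpoint is then covered only by WordPress's own checks (login state, nonces, capability checks in each handler), which is the same exposure it has on a site without the .htaccess prompt.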