@dwinden
Thanks for your corrections, they would be useful for upcoming users. But I would like to know why this file was blocked? Any security issues that I can expect? If no, then when this patch would be included into plugin?
0xff
Guys,
I’m also interested in this request. You allow me to use admin-ajax.php but not admin-post.php. If somebody want to fix this then you need to modify /core/modules/hide-backend/class-itsec-hide-backend.php file and line 161:
strpos( $_SERVER['REQUEST_URI'], 'admin-ajax.php' ) === false
to
strpos( $_SERVER['REQUEST_URI'], 'admin-ajax.php' ) === false && strpos( $_SERVER['REQUEST_URI'], 'admin-post.php' )
I don’t know the objectives why this file was blocked so do this on your own risk. I created a separated request here:
https://wordpress.org/support/topic/hide-backend-feature-doesnt-allow-me-to-use-admin-postphp?replies=1#post-8751645
