lesterchan / wp-polls

Adds an AJAX poll system to your WordPress blog. You can also easily add a poll into your WordPress's blog post/page.
https://wordpress.org/plugins/wp-polls/

/wp-admin/ajax.php #87

Closed Retroperra closed 7 years ago

Retroperra commented 7 years ago

The plugin works fine but apparently it needs the visitor/voter access to the '/wp-admin' directory.

We always shut down access to that directory to a few IP addresses - using .htaccess - to prevent hacking. I run some 30ish sites and the wp-admin directory is locked down in all of them. That normally works fine and we have zero malicious login attempts. Of course there are a hundred or more tries to access that dir per day but with no luck.

Anyway; the issue with WP-polls is that with the .htaccess limits active a casual visitor cannot vote or see the results.

I saw that /wp-admin/admin-ajax.php is mentioned in the shown page source but are there other files?

I will try to open that file for reading and close access to the rest.

lesterchan commented 7 years ago

Take a look at the Codex, https://codex.wordpress.org/Brute_Force_Attacks, under the admin-ajax part. It is by design from WordPress. I am not a fan of it. I have no idea why WP requires the use of admin-ajax for FE Ajax calls.

Retroperra commented 7 years ago

Aha - thanks, I'll bring my question to WP dev forums. To me that ajax file might have a more suitable place in /wp-includes.

Thanks for your fast reply and a great plugin.
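
The lockdown discussed in this thread, with `admin-ajax.php` exempted, as an added example that is not part of the original thread or the plugin's own files. It assumes Apache 2.4 (`mod_authz_core`) and a `.htaccess` file placed in `wp-admin/`; the addresses are constructed placeholders from the documentation ranges.

```apache
# wp-admin/.htaccess (Apache 2.4 syntax)

# Default for everything under /wp-admin/: only the allowlisted
# administrator addresses may connect. Placeholder addresses, replace
# with your own.
Require ip 203.0.113.10
Require ip 198.51.100.0/24

# Front-end AJAX from plugins such as WP-Polls is sent to
# /wp-admin/admin-ajax.php by WordPress design, so anonymous visitors
# must be able to reach this one file. With the default
# "AuthMerging Off", the Require below replaces the IP allowlist
# above for this file only.
<Files "admin-ajax.php">
    Require all granted
</Files>

# Note: admin-ajax.php dispatches every registered AJAX action,
# including unauthenticated (wp_ajax_nopriv_*) handlers from all
# active plugins and themes. Opening it exposes those handlers to the
# public, so keep plugins patched; the allowlist still covers the
# rest of the directory.
```

With this in place, a request to `/wp-admin/` from an address outside the allowlist should return 403, while a vote submitted to `/wp-admin/admin-ajax.php` reaches WordPress.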