Closed Retroperra closed 7 years ago
Take a look at the Codex: https://codex.wordpress.org/Brute_Force_Attacks, under the admin-ajax part. It is by design from WordPress. I am not a fan of it. I have no idea why WP requires the use of admin-ajax for FE Ajax calls.
Aha - thanks, I'll bring my question to WP dev forums. To me that ajax file might have a more suitable place in /wp-includes.
Thanks for your fast reply and a great plugin.
The plug works fine but apparently it needs the visitor/voter access to the '/wp-admin' directory.
We always shut down access to that directory to a few IP addresses - using .htaccess - to prevent hacking. I run some 30ish sites and the wp-admin directory is locked down in all of them. That normally works fine and we have zero malicious login attempts. Of course there are a hundred or more tries to access that dir per day but with no luck.
Anyway; the issue with WP-polls is that with the .htaccess limits active a casual visitor cannot vote or see the results.
I saw that /wp-admin/admin-ajax.php is mentioned in the shown page source but are there other files?
I will try to open that file for reading and close access to the rest.
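
The lockdown discussed in this thread, with the single exception for `admin-ajax.php`, can be written as one `/wp-admin/.htaccess` file. This is an added example, not taken from the thread or from the plugin; it assumes Apache 2.4 with `AllowOverride AuthConfig` enabled, and the IP addresses are documentation placeholders.

```apache
# /wp-admin/.htaccess  (Apache 2.4 authorization syntax; assumed server version)
# Constructed example: 203.0.113.10 and 198.51.100.0/24 are placeholder
# addresses from the documentation ranges. Replace them with the real admin IPs.

# Default for everything under /wp-admin: only the listed addresses may connect.
<RequireAny>
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
</RequireAny>

# Exception: front-end AJAX calls (poll voting, showing results) are sent to
# admin-ajax.php, so this one file must be reachable by ordinary visitors.
# The <Files> section is merged after the directory-level rules above and,
# with the default "AuthMerging Off", replaces them for this file only.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

With this in place every other file in `/wp-admin` still returns 403 to addresses outside the allow list. Opening `admin-ajax.php` means any AJAX action a plugin registers for logged-out visitors is publicly callable, so it is worth watching that endpoint in the access log.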