• Resolved zenitbooks

    (@zenitbooks)


    Hi there,

    When running the Security Check I get the “/ghost-admin is visible in source code”. When I try to “Fix” it by clicking the button “Fix It” it doesn’t get fixed. After that I tried the suggested fix “Switch on WP Ghost > Change Paths > Hide wp-admin from ajax URL. Hide any reference to admin path from the installed plugins.” Even after that it is not fixed. The culprit might be WP Rocket cache plugin, since cache is the only place where the string /ghost-admin shows. Here is the line from the cache file where the string appears “<script type="rocketlazyloadscript" data-rocket-src="https://somesite.com/ghost-admin/js/password-strength-meter.min.js" id="password-strength-meter-js" data-rocket-defer defer></script>”.

    Let me know if you need more info. Any help will be highly appreciated.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Peter

    (@petersquirrly)

    👋Hi,

    Thank you for reaching out.

    Please check out this article to see how you can use WP Ghost along with WP Rocket.
    https://wpghost.com/kb/wp-ghost-and-wp-rocket-cache/

    After which, do make sure to let us know if you face any further difficulties.

    Thread Starter zenitbooks

    (@zenitbooks)

    I followed the article, but it didn’t fix the problem. The paths are fixed for cache files, but the error still persists. Any ideas?

    Plugin Support Peter

    (@petersquirrly)

    I see, thank you for trying it out.

    Please go to WP Ghost > Advanced > Compatibility and use the Clean Login option, as password-strength-meter.min.js usually loads on the login page, and this might do the trick.

    Thread Starter zenitbooks

    (@zenitbooks)

    Thank you for your help, but this didn’t help either. Any other suggestions?

    Plugin Support Peter

    (@petersquirrly)

    In this case the next step of action would be to identify whether the theme or a plugin is adding that file to the frontend.

    Normally, files from wp-admin shouldn’t be imported into the frontend, even if it’s for a signup form.

    WP Ghost cannot remove WordPress functionality but has changed wp-admin to a custom path.

    If you can’t remove the password strength check from the homepage, you should rename wp-admin to something like “source” or “random-path” so it doesn’t draw attention to the fact that it’s the admin area. In that case, you can ignore the security task because WP Ghost includes the Firewall > 8G Firewall and Header Security components that handle hack prevention.
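
For the step suggested in the last reply (identifying what adds the file to the frontend), the following is an added example, not part of the thread and not WP Ghost code. It scans a saved page or cache file for script and link tags that load from the custom admin path and recovers the WordPress handle from the tag id, which can then be searched for in theme and plugin code. The function names and the sample markup other than the quoted cache line are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# data-rocket-src is the attribute in the cache line quoted in the thread.
URL_ATTRS = ("src", "href", "data-rocket-src")


def handle_from_id(tag_id):
    """WordPress prints enqueued assets with id='<handle>-js' or '<handle>-css'."""
    for suffix in ("-js", "-css"):
        if tag_id and tag_id.endswith(suffix):
            return tag_id[: -len(suffix)]
    return None


class AdminPathFinder(HTMLParser):
    """Collect <script>/<link> tags whose URL path contains the admin path."""

    def __init__(self, admin_path):
        super().__init__()
        self.needle = "/" + admin_path.strip("/") + "/"
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "link"):
            return
        attrs = dict(attrs)
        for name in URL_ATTRS:
            url = attrs.get(name)
            if url and self.needle in urlparse(url).path:
                self.hits.append({"attr": name, "url": url,
                                  "handle": handle_from_id(attrs.get("id"))})


def find_admin_assets(html, admin_path):
    finder = AdminPathFinder(admin_path)
    finder.feed(html)
    return finder.hits


# Constructed sample page; the first tag is the cache line from the thread.
SAMPLE = """
<script type="rocketlazyloadscript" data-rocket-src="https://somesite.com/ghost-admin/js/password-strength-meter.min.js" id="password-strength-meter-js" data-rocket-defer defer></script>
<script src="https://somesite.com/assets/js/app.js" id="theme-app-js"></script>
<link rel="stylesheet" href="https://somesite.com/assets/css/ghost-admin-notes.css" id="notes-css">
"""

if __name__ == "__main__":
    for hit in find_admin_assets(SAMPLE, "ghost-admin"):
        print(f"{hit['handle']}: {hit['url']} (via {hit['attr']})")
```

Searching the theme and plugin directories for the reported handle (here `password-strength-meter`) shows which component enqueues it on the frontend.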

The topic ‘/ghost-admin is visible in source code’ is closed to new replies.