Title: Google API keys public visible in source code
Last modified: March 21, 2023

---

# Google API keys public visible in source code

 *  [johannes68](https://wordpress.org/support/users/johannes68/)
 * (@johannes68)
 * [3 years, 2 months ago](https://wordpress.org/support/topic/google-api-keys-public-visible-in-source-code/)
 * I got a warning from Google stuff, about my Google API key public visible on 
   website. On further investigation, I found it really published in site source
   code by leaflet mapsmarker plugin.
   This is an absolute no-go, the API key should
   never ever be public visible in the site sourcecode through any plugin.

Viewing 1 replies (of 1 total)

 *  Plugin Author [Robert Seyfriedsberger](https://wordpress.org/support/users/harmr/)
 * (@harmr)
 * [3 years, 2 months ago](https://wordpress.org/support/topic/google-api-keys-public-visible-in-source-code/#post-16592458)
 * Hi Johannes,
 * thank you for expressing your concerns about the Google API key being publicly
   visible on your website. For any plugin, including ours, to utilize the Google
   Maps JavaScript API as per Google’s documentation, the API key must be loaded
   in the source code on the page where the map is displayed.
 * I would like to clarify that the Leaflet Maps Marker plugin is a third-party 
   plugin for WordPress, and it is not directly related to the Google Maps JavaScript
   API. However, I will provide you with some guidance on how to mitigate this issue.
 * To help protect your Google API key, please follow the steps below:
    1. Regenerate your API key: To ensure that your current API key remains secure,
       please go to the Google Cloud Console ([https://console.cloud.google.com/](https://console.cloud.google.com/)),
       navigate to the “Credentials” section under the “APIs & Services” menu, and 
       regenerate your API key.
    2. Restrict your API key: In the Google Cloud Console, you can set restrictions
       on your API key to limit its usage to specific IP addresses, referrers, or apps.
       This will help prevent unauthorized access to your API key. To learn more about
       how to restrict your API key, please follow this guide: [https://www.mapsmarker.com/kb/user-guide/google-maps-javascript-api](https://www.mapsmarker.com/kb/user-guide/google-maps-javascript-api)(
       section “Optional steps (recommended)”.
 * If you have any questions or need further assistance, please don’t hesitate to
   ask.
 * Best regards,
 * Robert

Viewing 1 replies (of 1 total)

The topic ‘Google API keys public visible in source code’ is closed to new replies.

 * ![](https://ps.w.org/leaflet-maps-marker/assets/icon.svg?rev=970936)
 * [Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)](https://wordpress.org/plugins/leaflet-maps-marker/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/leaflet-maps-marker/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/leaflet-maps-marker/)
 * [Active Topics](https://wordpress.org/support/plugin/leaflet-maps-marker/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/leaflet-maps-marker/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/leaflet-maps-marker/reviews/)

## Tags

 * [api key](https://wordpress.org/support/topic-tag/api-key/)
 * [safety](https://wordpress.org/support/topic-tag/safety/)

 * 1 reply
 * 2 participants
 * Last reply from: [Robert Seyfriedsberger](https://wordpress.org/support/users/harmr/)
 * Last activity: [3 years, 2 months ago](https://wordpress.org/support/topic/google-api-keys-public-visible-in-source-code/#post-16592458)
 * Status: not a support question