Hi @jeffrey2915,
Thank you for getting in touch, we do appreciate your time.
The inclusion of the API key in that script call is within the specification provided by Google for loading their API, meaning this is a standard approach to including the API which our plugin uses to render maps and place markers.
With that said, we’d be interested to see the report you received, so that we can get a better understanding of the context in which this was received. Is that something you would be open to sharing with us?
Additionally, could I ask you to confirm that you have followed our documentation on restricting access to your API key as documented here: https://www.wpgmaps.com/documentation/ensuring-your-referrers-are-properly-inserted/ – This protects your key from being used publicly.
Thanks for your response!
I inherited this website project from a previous designer, so I don’t know its history. Following your instructions for restricting API Keys, I indeed found a key of the same name in the Google Analytics account, though I’m unsure of its origins or purpose. Can you speculate?
I also found that the first version of your filters (.example.com/), specifically the dot prefix, was missing, so have now added it. I also regenerated the Key, as suggested by Google.
Do I need to do anything else?
If you’re still interested in the alert I received from Google, is there a contact from or email address to which I can send it?
Thanks!
Hi @jeffrey2915,
Thank you for confirming, I do appreciate it. Based on the information you’ve shared, you key should be secured. You shouldn’t need to take any additional action now that the key has been regenerated (as it was shared here). Just confirming, have you also updated the key in our plugin settings area?
No need to send us a copy of the email, we received a few of these over the weekend so we have a good sample of the email. This seems to be a new automated email being sent out to users of the Google Maps API as a precautionary measure.
