Hi niyati,
Thank you for informing me about this issue. But I can’t reproduce the “forbidden” status. WP-ZEP uses JavaScript to confirm “You are a right admin”. So I guess that some JavaScript error occurs on your page. Could you check the message in the browser’s console? Or I would appreciate it if you could kindly tell me which plugins you are using.
Of course, I will dedicate myself to finding the solution even in this situation.
Thanks.
Thread Starter
niyati
(@niyati)
Hello,
I deactivated my plugins (wordfence, above the field optimization, autoptimize) and reactivated them one by one and I found out the “Autoptimize” plugin is the guilty one as it optimizes javascript, css & html.
I have a 403 code when activated with IP Geo Block “(blocked) GET[80]:/wp-admin/post.php?post=10&action=edit” but it doesn’t block any other action from a post, such as posting a new post or going to the dashboard.
Everything works well when I deactivate the Javascript optimization.
There is an option “Exclude scripts from Autoptimize:” in the advanced settings to exclude scripts from being aggregated and minimized by Autoptimize, is there anything I could add there? There are already these in the field “s_sid,smowtion_size,sc_project,WAU_,wau_add,comment-form-quicktags,edToolbar,ch_client,seal.js” but it’s like Chinese for me 😉
Thank you!
Hello niyati,
I am grateful to you for your investigation!
You don’t need to add a magic spell into the “Exclude scripts from Autoptimize”. Just enable “Force JavaScript in <head>?” at “advanced settings” in Autoptimize settings, and then the issue will be solved.
Autoptimize says:
For performance reasons it is better to include JavaScript at the bottom of HTML, but this sometimes breaks things. Especially useful for jQuery-based themes.
In IP Geo Block, “auth-nonce.js”, which depends on jQuery (using wp_enqueue_script()) and an inline script (using wp_localize_script()), is registered in the usual WordPress manner. The direct reason is that “auth-nonce.js” isn’t concatenated with other scripts including jQuery. I guess Autoptimize can’t handle a script which depends on an inline script. But I’ve not found the exact reason.
I will mark this topic as resolved for now. But I would like to find a better solution for this issue (maybe cooperating with the author of Autoptimize) because “Scripts at the bottom” is one of the best practices for web performance. And I will release a new version in the future if I can.
Thanks a lot!!
You called for him and here is Autoptimize’s developer 🙂
The direct reason is that “auth-nonce.js” isn’t concatenated with other scripts including jQuery. I guess Autoptimize can’t handle a script which depends on an inline script. But I’ve not found the exact reason.
AO has the word “nonce” in the hardcoded exclusion list, to avoid inline JS with a nonce in it being aggregated (as nonces “poison” AO’s cache). If you changed your filename to e.g. “auth-nonse.js” it would get aggregated.
Let me know if you need more assistance!
Frank
Hi Frank,
Thank you for the reason and advice.
I changed the filename and found that this issue has gone.
@niyati, I will fix this issue in the next release in the near future.
Thanks guys!!
Thread Starter
niyati
(@niyati)
Thank you both for your time.
Have a nice day!
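
The three observations in this thread (403 with scripts at the bottom, fixed by “Force JavaScript in <head>?”, fixed by renaming the file) can be reproduced with a simplified model of substring-based exclusion. This is an added example, not code from Autoptimize or IP Geo Block; the placement rules, the `optimize` and `unmetDependencies` helpers, and the inline variable name are assumptions made for illustration.

```javascript
// Simplified model of a script optimizer (assumption, not Autoptimize's code):
// scripts matching an excluded substring stay where they are in <head>,
// everything else is aggregated and, by default, emitted at the bottom.
const EXCLUDE = ['nonce']; // the one hardcoded entry named in the thread

function isExcluded(script) {
  const text = script.src || script.inline || '';
  return EXCLUDE.some((needle) => text.includes(needle));
}

// Returns the resulting execution order as a flat list of scripts.
function optimize(scripts, { forceHead = false } = {}) {
  const kept = scripts.filter((s) => isExcluded(s));
  const bundled = scripts.filter((s) => !isExcluded(s));
  return forceHead ? [...bundled, ...kept] : [...kept, ...bundled];
}

// Names of scripts that run before something they require has been loaded.
function unmetDependencies(order) {
  const loaded = new Set();
  const broken = [];
  for (const s of order) {
    if ((s.requires || []).some((dep) => !loaded.has(dep))) broken.push(s.name);
    loaded.add(s.name);
  }
  return broken;
}

// Constructed page: jQuery, the inline data from wp_localize_script(), and
// the script that depends on both. The inline variable name is made up.
function page(authFile) {
  return [
    { name: 'jquery', src: 'jquery.js' },
    { name: 'auth-data', inline: 'var AUTH_DATA = {"nonce":"constructed"};' },
    { name: 'auth', src: authFile, requires: ['jquery', 'auth-data'] },
  ];
}

const results = {
  bottom: unmetDependencies(optimize(page('auth-nonce.js'))),
  forcedHead: unmetDependencies(optimize(page('auth-nonce.js'), { forceHead: true })),
  renamed: unmetDependencies(optimize(page('auth-nonse.js'))),
};
console.log(results);
```

Only the first case reports a broken script: the file name matches the “nonce” exclusion, so it stays in place and runs before the aggregated jQuery at the bottom of the page.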