Security settings on admin end?

  • Resolved clotilde

    (@clotilde)


    11 years, 5 months ago

    Hello,

    I am using WP-PostViews (v. 1.68) on my blog and it was working perfectly until a few weeks ago, when it stopped counting views entirely.

    We run a pretty tight ship on the admin end, security-wise, and my hunch is that some security setting on my server is blocking whatever server request(s) WP-PostViews is trying to send when a reader loads a page.

    I would be most grateful if someone could give me details on what those requests are — I couldn’t find it in the documentation — as this would help me figure out if they are indeed blocked, and how to allow them to get through.

    Many thanks in advance for your insights!
    Clotilde.

    https://ww.wp.xz.cn/plugins/wp-postviews/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Lester Chan

    (@gamerz)

    11 years, 5 months ago

    If your WP_CACHE is set to true, it will spawn an AJAX call with the params wp-admin/admin-ajax.php?postviews_id=12345&action=postviews

    Other wise, it will just update the postmeta field called views.

    Thread Starter clotilde

    (@clotilde)

    11 years, 5 months ago

    Sorry for the late response — just wanted to thank you for the info. This will allow me to look into my issue more closely.
    Happy holidays!

    Thread Starter clotilde

    (@clotilde)

    11 years, 5 months ago

    Hello Lester,

    I am reporting back on this issue.

    I was able to pinpoint the problem to line 160 of wp-postviews.php. Sometime between version 1.64 and 1.69, the following line:

    wp_localize_script('wp-postviews-cache', 'viewsCacheL10n', array('admin_ajax_url' => admin_url('admin-ajax.php', (is_ssl() ? 'https' : 'http')), 'post_id' => intval($post->ID)));

    was changed to:

    wp_localize_script( 'wp-postviews-cache', 'viewsCacheL10n', array( 'admin_ajax_url' => admin_url( 'admin-ajax.php' ), 'post_id' => intval( $post->ID ) ) );

    In my setup, https access to the admin is restricted to just my own IP, so only my views are counted if the ajax call is made over https.

    If I revert the line to its old version — the one that checks for https vs. http — the views are counted properly.

    Is there a particular reason why you changed that line of code, and would it be possible to reintegrate that https vs. http check in future versions of the plugin?

    Many thanks,
    Clotilde.

    Plugin Author Lester Chan

    (@gamerz)

    11 years, 5 months ago

    Here is the discussion https://github.com/lesterchan/wp-polls/pull/19#issuecomment-54393751 =)

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Security settings on admin end?’ is closed to new replies.