Sucuri IP problem

  • Resolved mustafabaysal

    (@mustafabaysal)


    7 years, 2 months ago

    Hi, thanks for this great plugin.

    There’s no problem with your plugin, it works well.

    But in one of my websites which has a SUCURI firewall, i have a problem.

    For last 2 weeks, visitors can’t vote ratings if their IP is not whitelisted in Sucuri dashboard.

    I mean; when i move a visitor’s current IP to the IP whitelist in Sucuri dashboard then visitor can vote succcesfully.

    But ıf te IP is not in white list, then visitor can’t vote. He or she clicks the star, it says LOADING but nothing happens.

    Here is my question:

    – There is a “URL path” whitelist part in Sucuri Dashboard and i need to know what URL ı have to put in white list.
    I tried to put “/wp-content/plugins/wp-postratings/images/stars_crystal/rating_over.gif” and “/wp-content/plugins/wp-postratings/” urls in white list bu it didn’t work.

    So what URL should be whitelisted that makes the voting possible for Sucuri Firewall ignores it?

    Ps: You can check my website’s any post to see how voting doesn’t work.

    Thanks.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Lester Chan

    (@gamerz)

    7 years, 2 months ago

    https://iscidunyasi.com/wp-admin/admin-ajax.php returns 403, so whitelist that?

    Thread Starter mustafabaysal

    (@mustafabaysal)

    7 years, 2 months ago

    Thanks for your quick reply. Sucuri responsed my ticket and yes they found the same URL path. But what they say is they can’t allow “wp-admin” to be whitelisted because of security reasons. They will check out for another solution.

    So what URL would you suggest to be whitelisted instead of “https://iscidunyasi.com/wp-admin/admin-ajax.php” ?

    Or what can be done alternatively?

    Thanks.

    Plugin Author Lester Chan

    (@gamerz)

    7 years, 2 months ago

    WordPress AJAX whether frontend of backend has to go through wp-admin/admin-ajax.php (I don’t really agree with the design decision). So if that is not whitelisted, it will not work.

    Thread Starter mustafabaysal

    (@mustafabaysal)

    7 years, 2 months ago

    Yes i see what you mean.

    But have a last question:

    I use your olugin for more than 3 years and sucuri as well.

    So what happened and it stopped working since March 21, 2019?

    I know maybe it’s not about your plugin, but i’m triyng to figure out what may have happened at that time? An update by Wordrpess or your plugin or something like that?

    So, your plugin is working as the same way it does before March 21, isn’t it?

    Thanks for your help.

    Plugin Author Lester Chan

    (@gamerz)

    7 years, 2 months ago

    all the while it has been using wp-admin/admin-ajax.php because it is by WordPress design. If it is 403, it is not from the plugin. The plugin doesn’t return any 403 errors.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Sucuri IP problem’ is closed to new replies.