We blocked access to anything that starts with /wp-admin/ to people outside our VPN. Your code does this to fetch the css:
<link rel=’stylesheet’ id=’ti-widget-css-google-css’ href=’https://www.aaespeakers.com/wp-admin/admin-ajax.php?action=widget_css_google’ type=’text/css’ media=’all’ />
For some reason, it is fetching the css via the admin-ajax module, rather than fetching it from a simple path e.g. /wp-content/plugins/whatever. This may be deliberate, but I am not sure it needs to use the admin-ajax endpoint to serve something that could be handled at the webserver level much more efficiently.
Looks like the issue appears to be that the CSS is being called from /wp-admin/admin-ajax.php even in non-admin contexts. Normally one might expect css to come from somewhere in /wp-content/ . We do not allow access to /wp-admin/ urls to non-admin users.
