Home › Forums › Lite Version › Security Issue In Masonry Plugin
- This topic has 1 reply, 2 voices, and was last updated 5 years, 6 months ago by
Masonry Guy.
- AuthorPosts
J.G.
GuestFYI: You are making calls directly to URL’s in the wp-admin directory from your plugin. This is considered by many to be a poor security practice and can cause problems on WordPress sites with some security configurations. For example, your plugin doesn’t work in my site because I have additional security on that directory.
The specific call is to
http://[site]/wp-admin/admin-ajax.php?action=wml_load_posts&shortcodeId=2&pageNumber=1&randSeed=xxxxxxxxAnd results in a “Failed to load resource: the server responded with a status of 401 (Unauthorized)” error if there is security on that directory.
Masonry Guy
KeymasterHi JG,
Thank you so much for pointing out this. I will check into this in details.
Do you have any suggestion as a solution ? I can see that most of the plugin use this method and even wordpress has documented this for ajax call.
Thanks
- AuthorPosts