What parts of the wp-admin folder is it using?

[Bill]

We use IP filtering to deny access to the wp-admin folder from outside addresses.  This is great for security and hasn’t caused any issues with other plugins.  However, we quickly realized that external customers (who are blocked from wp-admin) can’t use the search.  They type in a search and hit go, but the plugin just doesn’t respond.  It is clearly not letting the request happen from a non-whitelisted address, confirmed by changing the blocking between two searches, but it doesn’t look to be just admin-ajax.php because I tried doing that one on it’s own.  Anyone crazy enough to do this kind of IP filtering can rig selective file access so just documentation of what is needed should cover it. I’m not much of a web developer so I can’t seem to trace what it is touching.  Where would I be looking?

Store Locator Plus:4.4.23
Pro Pack:4.4
This Info Cached:1457024448
WordPress Version:4.4.2
MySQL Version:5.5.43
PHP Version:5.5.9-1ubuntu4.11
PHP Limit:256M
WordPress General Limit:40M
WordPress Admin Limit:256M
PHP Peak RAM:20 MB
PHP Post Max Size:8M

[Cici]

I am not sure I understand your question: There is nothing in SLP that will prevent anyone from searching on your  Public webpage. The search queries google and therefor cannot have AJAX blocked.

 

You can view some tips here: Troubleshooting

 

[Bill]

It appears the only thing it needs is admin-ajax.php after all, the rest of the folder can still be locked out for the security focused.  The directives to isolate just the one file took me a minute so here it is if anyone else wants it.

#allows anyone to use admin-ajax.php but only certain IPs can access the rest of the wp-admin folder
<Directory [fullpath]/wp-admin>
Order allow,deny
allow from 192.168.0.1
allow from 192.168.0.2
allow from 192.168.0.3
<Files admin-ajax.php>
Order deny,allow
</Files>
</Directory>

[Author]

Posts