Real Time Tracking and Site Security

New home Forums Gold Add-on Real time location tracking Real Time Tracking and Site Security

  • This topic has 7 replies, 3 voices, and was last updated 3 years ago by howarde.
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • December 26, 2017 at 6:45 pm #33278
    howarde
    Member

    Hi.

    Love the plugin… questions about the real time tracking and using some security for the wp-admin.

    1) Typically I use .htaccess security on the wp-admin. It appears as though the plugin uses the admin-ajax to push to the site? Or is it the REST API? Either way… if the .htaccess security to restrict the wp-login.php is enabled, then the real time tracking doesn’t work.

    2) If I can’t do #1 I use the WP Cerber plugin which restricts several things, or allows for the renaming of the wp-login.php page. Doing this causes the real time tracking to stop working.

    Any thoughts or suggestions?

    Thanks
    Howard

    December 27, 2017 at 8:25 am #33279
    [email protected]
    Member

    Hi Howard,

    Thanks for getting in touch with us.

    The plugin does make use of admin-ajax as far as I know.

    I have asked one of the developers to take a look at this for you and see if there is a solution and he should be in touch soon.

    Thanks for your time.

    Kind regards,
    Dylan

    December 27, 2017 at 10:25 am #33288
    Perry
    Moderator

    Hi Howarde

    Thanks for getting in touch, Perry here from the development team.

    The tracking app uses a RESTful system to the best of my knowledge, however I’m unable to double check this at the moment as the app source isn’t available to me right now,

    I can inspect the source for that in a few days and get back to you with a concrete answer if that helps?

    In the mean time, as a workaround you could allow access to admin-ajax.php or allow access from your device in .htaccess, would that work for you?

    Kind regards
    – Perry

    December 27, 2017 at 3:22 pm #33293
    howarde
    Member

    Hi Guys.

    After further investigation, it seems as though if I suspend the basic authentication for the wp-login.php until the initial auth takes place (between the Android App and the WPGMAP) for the devices being tracked in real time, and then enable the .htaccess auth, that it works fine, and the actual data push doesn’t need the wp-login.php to be available.

    I’m having the website owner have two dedicated devices for the real time tracking, so I’ll keep you posted on how this works. We’re using this plugin to track two “water taxis” along their routes.

    Thanks
    Howard

    December 27, 2017 at 3:34 pm #33295
    Perry
    Moderator

    Hi Howard

    Thank you for reporting this!

    Please do let us know how you get on.

    Kind regards
    – Perry

    December 30, 2017 at 11:16 pm #33385
    howarde
    Member

    So far this seems to work fine.

    One other question though, maybe I didn’t see it in the docs? Is there a way to set the timezone of the tracked item to be the same as the site’s default? I have the site’s timezone as NewYork.

    January 2, 2018 at 12:00 am #33390
    howarde
    Member

    So to conclude on this – FYI

    Once you authenticate the device(s), you can enable any blocks to wp-login.php via .htaceess, and the app still functions normally.

    January 2, 2018 at 10:43 am #33400
    Perry
    Moderator

    Hi Howard

    There are no settings regarding the time zone of the tracked item, sorry about that.

    Thanks very much for reporting this, we’ll look into this as soon as possible but in the mean time thank you for reporting the workaround.

    Is there anything else we can help you with?

    Kind regards
    – Perry

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.