Real Time Tracking and Site Security

New home Forums Gold Add-on Real time location tracking Real Time Tracking and Site Security

This topic contains 7 replies, has 3 voices, and was last updated by  howarde 1 year, 8 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #33278

    howarde
    Member

    Hi.

    Love the plugin… questions about the real time tracking and using some security for the wp-admin.

    1) Typically I use .htaccess security on the wp-admin. It appears as though the plugin uses the admin-ajax to push to the site? Or is it the REST API? Either way… if the .htaccess security to restrict the wp-login.php is enabled, then the real time tracking doesn’t work.

    2) If I can’t do #1 I use the WP Cerber plugin which restricts several things, or allows for the renaming of the wp-login.php page. Doing this causes the real time tracking to stop working.

    Any thoughts or suggestions?

    Thanks
    Howard

    #33279

    Hi Howard,

    Thanks for getting in touch with us.

    The plugin does make use of admin-ajax as far as I know.

    I have asked one of the developers to take a look at this for you and see if there is a solution and he should be in touch soon.

    Thanks for your time.

    Kind regards,
    Dylan

    #33288

    Perry
    Moderator

    Hi Howarde

    Thanks for getting in touch, Perry here from the development team.

    The tracking app uses a RESTful system to the best of my knowledge, however I’m unable to double check this at the moment as the app source isn’t available to me right now,

    I can inspect the source for that in a few days and get back to you with a concrete answer if that helps?

    In the mean time, as a workaround you could allow access to admin-ajax.php or allow access from your device in .htaccess, would that work for you?

    Kind regards
    – Perry

    #33293

    howarde
    Member

    Hi Guys.

    After further investigation, it seems as though if I suspend the basic authentication for the wp-login.php until the initial auth takes place (between the Android App and the WPGMAP) for the devices being tracked in real time, and then enable the .htaccess auth, that it works fine, and the actual data push doesn’t need the wp-login.php to be available.

    I’m having the website owner have two dedicated devices for the real time tracking, so I’ll keep you posted on how this works. We’re using this plugin to track two “water taxis” along their routes.

    Thanks
    Howard

    #33295

    Perry
    Moderator

    Hi Howard

    Thank you for reporting this!

    Please do let us know how you get on.

    Kind regards
    – Perry

    #33385

    howarde
    Member

    So far this seems to work fine.

    One other question though, maybe I didn’t see it in the docs? Is there a way to set the timezone of the tracked item to be the same as the site’s default? I have the site’s timezone as NewYork.

    #33390

    howarde
    Member

    So to conclude on this – FYI

    Once you authenticate the device(s), you can enable any blocks to wp-login.php via .htaceess, and the app still functions normally.

    #33400

    Perry
    Moderator

    Hi Howard

    There are no settings regarding the time zone of the tracked item, sorry about that.

    Thanks very much for reporting this, we’ll look into this as soon as possible but in the mean time thank you for reporting the workaround.

    Is there anything else we can help you with?

    Kind regards
    – Perry

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.