New home › Forums › Gold Add-on › Real time location tracking › Real Time Tracking and Site Security
- This topic has 7 replies, 3 voices, and was last updated 3 years ago by howarde.
-
AuthorPosts
-
December 26, 2017 at 6:45 pm #33278howardeMember
Hi.
Love the plugin… questions about the real time tracking and using some security for the wp-admin.
1) Typically I use .htaccess security on the wp-admin. It appears as though the plugin uses the admin-ajax to push to the site? Or is it the REST API? Either way… if the .htaccess security to restrict the wp-login.php is enabled, then the real time tracking doesn’t work.
2) If I can’t do #1 I use the WP Cerber plugin which restricts several things, or allows for the renaming of the wp-login.php page. Doing this causes the real time tracking to stop working.
Any thoughts or suggestions?
Thanks
HowardDecember 27, 2017 at 8:25 am #33279[email protected]MemberHi Howard,
Thanks for getting in touch with us.
The plugin does make use of admin-ajax as far as I know.
I have asked one of the developers to take a look at this for you and see if there is a solution and he should be in touch soon.
Thanks for your time.
Kind regards,
DylanDecember 27, 2017 at 10:25 am #33288PerryModeratorHi Howarde
Thanks for getting in touch, Perry here from the development team.
The tracking app uses a RESTful system to the best of my knowledge, however I’m unable to double check this at the moment as the app source isn’t available to me right now,
I can inspect the source for that in a few days and get back to you with a concrete answer if that helps?
In the mean time, as a workaround you could allow access to admin-ajax.php or allow access from your device in .htaccess, would that work for you?
Kind regards
– PerryDecember 27, 2017 at 3:22 pm #33293howardeMemberHi Guys.
After further investigation, it seems as though if I suspend the basic authentication for the wp-login.php until the initial auth takes place (between the Android App and the WPGMAP) for the devices being tracked in real time, and then enable the .htaccess auth, that it works fine, and the actual data push doesn’t need the wp-login.php to be available.
I’m having the website owner have two dedicated devices for the real time tracking, so I’ll keep you posted on how this works. We’re using this plugin to track two “water taxis” along their routes.
Thanks
HowardDecember 27, 2017 at 3:34 pm #33295PerryModeratorHi Howard
Thank you for reporting this!
Please do let us know how you get on.
Kind regards
– PerryDecember 30, 2017 at 11:16 pm #33385howardeMemberSo far this seems to work fine.
One other question though, maybe I didn’t see it in the docs? Is there a way to set the timezone of the tracked item to be the same as the site’s default? I have the site’s timezone as NewYork.
January 2, 2018 at 12:00 am #33390howardeMemberSo to conclude on this – FYI
Once you authenticate the device(s), you can enable any blocks to wp-login.php via .htaceess, and the app still functions normally.
January 2, 2018 at 10:43 am #33400PerryModeratorHi Howard
There are no settings regarding the time zone of the tracked item, sorry about that.
Thanks very much for reporting this, we’ll look into this as soon as possible but in the mean time thank you for reporting the workaround.
Is there anything else we can help you with?
Kind regards
– Perry -
AuthorPosts
- You must be logged in to reply to this topic.