Hummingbird Output Reveals Admin URL

  • Resolved Fibro Jedi

    (@fibrojedi)


    2 years, 8 months ago

    Hi there,

    Despite the fact that I have various precautions in place to stop brute force logins, including obscuring the admin URL, such attempts are still happening. After looking around and contacting the security plugin directly, my attention has been drawn to something Hummingbird outputs.

    Now, this could get complicated. Here’s the code:
    var codepeople_search_in_place = {"own_only":"1","result_number":"5","more":"More Results","empty":"0 results","char_number":"10","root":"\/\/fibrojedi.me.uk\/ADMINURL\/","home":"https:\/\/fibrojedi.me.uk","summary_length":"20","

    This is visible to logged out users. (I have 2FA auth, so no one will get in, the issue is attempting to log in should be impossible).

    The reason I think this is Hummingbird-related is because of the id on the script tag ( id=”wphb-2-js-extra”)

    The code above draws from a separate plugin that powers my site’s search “Search in Place”. I will be setting up a thread with them also. But the fact remains that hummingbird still outputs this on the page.

    What can I do to prevent this happening please?
    Thanks,

    PS: if Search in Place have a solution before you get back to me, I’ll let you know and close this thread. Thank you.

    • This topic was modified 2 years, 8 months ago by Fibro Jedi.
    • This topic was modified 2 years, 8 months ago by Fibro Jedi. Reason: Reduced a code snippet, added a bit more info and removed a name into the post I did not mean to use
Viewing 2 replies - 1 through 2 (of 2 total)

  • Hello @fibrojedi !

    Hope you’re doing well today!

    I think in this case it’s just happening because Hummingbird processes the files you have on the site and adds them in various places to improve the performance. It will not change the contents of the files besides compressing them, but in this case the strings like the admin URL will not be changed.

    So basically this is an actual file from the Search in Place plugin that contains the admin URL, being processed by Hummingbird and then added back to the page (with the ID to let you/us know what was done for debugging purposes).

    Pretty sure the Search in Place support will be able to track the issue for you in this case. My guess is that they are adding that URL because they need to run some background request using Ajax, that’s what it seems to be at least on quick glance.

    Warm regards,
    Pawel

    Thread Starter Fibro Jedi

    (@fibrojedi)

    Yes, I’m inclined to agree with that, so thank you. My thread with Search in Place is active, thankfully, so I’ll continue it with them.

    Thanks so much for replying though, especially as it’s primarily not a Hummingbird problem ??

    FJ

    • This reply was modified 2 years, 8 months ago by Fibro Jedi.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Hummingbird Output Reveals Admin URL’ is closed to new replies.