Google API keys public visible in source code

  • johannes68

    (@johannes68)


    2 years ago

    I got a warning from Google stuff, about my Google API key public visible on website. On further investigation, I found it really published in site source code by leaflet mapsmarker plugin.
    This is an absolute no-go, the API key should never ever be public visible in the site sourcecode through any plugin.

Viewing 1 replies (of 1 total)

  • Hi Johannes,

    thank you for expressing your concerns about the Google API key being publicly visible on your website. For any plugin, including ours, to utilize the Google Maps JavaScript API as per Google’s documentation, the API key must be loaded in the source code on the page where the map is displayed.

    I would like to clarify that the Leaflet Maps Marker plugin is a third-party plugin for WordPress, and it is not directly related to the Google Maps JavaScript API. However, I will provide you with some guidance on how to mitigate this issue.

    To help protect your Google API key, please follow the steps below:

    1. Regenerate your API key: To ensure that your current API key remains secure, please go to the Google Cloud Console (https://console.cloud.google.com/), navigate to the “Credentials” section under the “APIs & Services” menu, and regenerate your API key.
    2. Restrict your API key: In the Google Cloud Console, you can set restrictions on your API key to limit its usage to specific IP addresses, referrers, or apps. This will help prevent unauthorized access to your API key. To learn more about how to restrict your API key, please follow this guide: https://www.mapsmarker.com/kb/user-guide/google-maps-javascript-api (section “Optional steps (recommended)”.

    If you have any questions or need further assistance, please don’t hesitate to ask.

    Best regards,

    Robert

Viewing 1 replies (of 1 total)
  • The topic ‘Google API keys public visible in source code’ is closed to new replies.