I have issue when the path is masked.

Do you know that the “hide my wp” plugin works with Ajax?

The normal path to WordPress’s Ajax endpoint is /wp-admin/admin-ajax.php, but Loco Translate uses whatever URL is loaded into admin pages by WordPress. Your routing plugin would have to ensure this was modified along with all other admin URLs. Does it do this? What URL is it trying to access? What is assigned to window.ajaxurl? What do you see on the debug screen at /lfadmin/admin.php?page=loco-config&action=debug in the Ajax section?

Hi
My debug screen
Loco Translate:
2.4.6
WordPress:
5.5.3
PHP:
7.3.23 (cgi-fcgi)
Server:
Apache
jQuery:
1.12.4; ui/1.11.4; migrate/none
Zend OPcache:
7.3.23
Unicode
UTF-8 rendering:
ΟΚ ?
Multibyte support:
ΟΚ ?
Site character set
UTF-8 ?
Ajax
Endpoint:
/lfadmin/admin-ajax.php
JSON decoding:
ΟΚ ?
Ajax test result:
ΟΚ ?
Translation APIs
DeepL Translator:
No API key
Google Translate:
No API key
Microsoft Translator:
No API key
Yandex.Translate:
No API key
Automatic Translate Addon:
FAILED
Limits
WP_MEMORY_LIMIT:
768 MB
WP_MAX_MEMORY_LIMIT:
768 MB
PHP memory_limit:
768 MB (changeable)
PHP post_max_size:
128 MB
PHP max_execution_time:
300
Filesystem
Custom languages directory:
wp-content/languages/loco
Directory writable:
Yes
File mods disallowed:
No
File mod safety level:
Warn
Debug settings
WP_DEBUG:
Off
WP_DEBUG_LOG:
On
WP_DEBUG_DISPLAY:
On
PHP display_errors:
On
PHP log_errors:
On
PHP error_log:
php_errorlog

I did not know that the Hide my wp plugin works with AJAX
When I am going to save the changes I am at this URL https://www.luxflow.in/lfadmin/admin.php?path=languages%2Fplugins%2Fuser-switching-es_ES.po&bundle=user-switching%2Fuser-switching.php&domain=user-switching&page=loco-plugin&action=file-edit

Thank you

Ok, so it does rewrite the ajaxurl to /lfadmin/admin-ajax.php. That’s good.

Presumably you need some Apache rewrite to make this work. Perhaps that’s where your problem is. What do you get back from the server for these rewritten Ajax requests?

Sorry, Where can I see that?

https://localise.biz/wordpress/plugin/faqs/ajax-errors#debug

I found this message

“The page you are trying to access is restricted due to a security rule.

If you believe the security rule is affecting the normal operation of your website, contact your host support team and provide detailed instructions how to recreate this error.
They will be able to assist you with rectifying the problem and adjusting the security configuration if needed.”

There we have it. You have a security rule blocking normal functionality of my plugin.
Why this happens only when you rewrite admin urls, I cannot guess.

I don’t provide support configuring servers, so I suggest you follow the advice in your message.

Do you think it has to do with the Hide my wp plugin?

It is clearly “to do with” using Hide my WP as you’ve demonstrated that in your video. However, that doesn’t mean it’s at fault. It also doesn’t mean my plugin is at fault either.

I cannot guess at what is triggering your security rules. This symptom may even be masking the root cause. You will have to get to the bottom of it yourself.

Hi Tim W
I already solved my problem. I contacted the hosting support. I had this answer
” The plugin was triggering one of the mod security rules which was the reason for the issue.

I have disabled that specific rule for your website so it should not cause issues anymore.”

Than you for you helping..

Thanks for posting back.

It would be useful to know which rule was bring triggered, and why. This will help the hundreds of other people who report this and similar issues.

Hi Tim..
This was his answer

My colleague has added the following rule in the .htaccess file in the public_html in order to stop the Mod Security rule:

<IfModule mod_security.c>
SecFilterRemove 000022
</IfModule>

The rule that has been stopped in Mod Security is the following:

SecFilterSelective REQUEST_URI “!(/wp-admin/theme-editor|/administrator/index|/wp-admin/admin-ajax)\.php” “chain,id:000022”

Please note that disabling any security rule can lead to a vulnerability as that is why the rules been placed in the first place.

If the plugin developers resolve the issue you can just remove the above-mentioned .htaccess rule and the Mod Security rule that we disabled will be active again.

Hi Tim..
What do you think about what I sent you?

I don’t understand what the rule is, why it was being triggered, or what “issue” they are suggesting I need to resolve.

Hi Tim
For your plugin to work on my site I have to add this rule in the .htacces
<IfModule mod_security.c>
SecFilterRemove 000022
</IfModule>

The rule that has been stopped in Mod Security is the following:

SecFilterSelective REQUEST_URI “!(/wp-admin/theme-editor|/administrator/index|/wp-admin/admin-ajax)\.php” “chain,id:000022”

So it is absurd that I have to add this rule in my wordpress configuration. I have other sites and the same happens. I don’t want to add this rule because my site may be compromised against cyber attacks.

I hope you can help me.