GeoDirectory – Hide “/ghost-admin\/admin.php” from the HTML source

Resolved Unreal NFS
(@unrealnfs)

1 year ago
Hi,

There is a directory plugin by the name “GeoDirectory”

https://wordpress.org/plugins/geodirectory/

This plugin for some reason reveals the “admin” URL – “/ghost-admin\/admin.php” in the html source in the frontened which it shouldn’t for security reason.

Earlier, almost a year plus back, Breakdance Page Builder plugin did the same and i reported to you here and it was fixed from revealing the newly created admin path in the html source in the frontened.

GeoDirectory reveals “/ghost-admin\” in 2 places in the frontend.

CODES:
```
var geodir_location_params = {"geodir_location_admin_url":"https:\/\/www.bankaddress.org\/ghost-admin\/admin.php",
....
....
....
....
"img_spacer":"https:\/\/www.bankaddress.org\/ghost-admin\/images\/media-button-image.gif",
```
I hope this is fixed.

Thanks a lot.

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Support Peter
(@petersquirrly)

1 year ago

👋Hi,

Thank you for reaching out.

Unfortunately, if we remove the custom admin path mention from our side the plugin will not work anymore, so this is something they will need to do.

We made a support request for GeoDirectory to remove the mention and would recommend following the topic over there.

https://wordpress.org/support/topic/geodirectory-shows-custom-admin-path-set-with-wp-ghost-on-website-frontend/

Thank you for your understanding!

Thread Starter Unreal NFS
(@unrealnfs)

1 year ago

That was so great of you Peter!

Thanks.

Thread Starter Unreal NFS
(@unrealnfs)

1 year ago

Hi Peter

“GeoDirectory” – they updated their plugin and with the Version 2.8.101 – 1 of the 2 mentions of “ghost-admin” was removed from the HTML source.

But, one of them is still there, the main and the 1st one.

var geodir_location_params = {"geodir_location_admin_url":"https:\/\/www.domain.com\/ghost-admin\/admin.php",

I thought i should update you.

Yesterday, i tried to highlight that the admin-path “ghost-admin” is mentioned twice on the thread that you opened – seems like they have missed the main one as the code you posted there was not wrapped but was stretched in a single line and wasn’t completely visible – I am sure about it because, even on the github-pull request we can clearly see that they are talking about “replace media button image path” by @alexrollin and on the support thread @Stiofan was speaking about the same “media-button-image.gif” .

I can open a new thread with them if that’s what i should do. But, i thought i should let you know 1st as you know them personally – a word from plugin author to another plugin author. 🙂

Thanks.

Plugin Support Peter
(@petersquirrly)

1 year ago

Thank you for the update!

The best way to go about it would be to either write on the thread I started or make a new one, as sadly this is something out of our hands.

And also, this was our first interaction with GeoDirectory author, so I can’t say that I know them personally. 😄

In case we can be of any assistance to them in order to get it solved faster don’t hesitate to let us know.

Thread Starter Unreal NFS
(@unrealnfs)

1 year ago

Great.

God bless.

Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘GeoDirectory – Hide “/ghost-admin\/admin.php” from the HTML source’ is closed to new replies.