Refers to FiboSearch Pro only

Known conflicts with security plugins

We notice several conflicts with popular security plugins. 

Table of Contents

iThemes Security

Reason

When the SecuritySettingsAdvancedSystem TweaksDisable PHP in Plugins option is enabled, all AJAX calls of the live search will be blocked. You could disable this option, but we have a more secure solution.

Solution

When you enable the Disable PHP in Plugins option, iThemes Security adds the following code to your .htaccess file:

This line requires a small change to make it work with FiboSearch. We have to exclude the FiboSearch endpoint path from the RewriteRule. Follow these steps:

Step 1 – Add a custom code

Add the following code to your website:

add_filter( 'itsec_filter_apache_server_config_modification', function ( $modification ) {
	$modification = str_replace( 'RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]', 'RewriteRule ^wp\-content/plugins/(?!ajax\-search\-for\-woocommerce\-premium/includes/Engines/TNTSearchMySQL/Endpoints/search\.php).*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]', $modification );

	return $modification;
}, PHP_INT_MAX - 5 );

Learn how to add this snippet to your WordPress.

Step 2 – Save the iThemes security settings again

Go to SecuritySettingsAdvancedSystem Tweaks, uncheck the “Disable PHP in Plugins” option and save the settings. Immediately after this step, check it again and save the settings one more time. Thanks to this, iTheme security should add a changed version of RewriteRule in your .htaccess file. 

As a result, your website will be protected against PHP execution in the plugins directory, but the FiboSearch endpoint will be excluded from these restrictions.

Sucuri Security

Reason

The Sucuri security firewall may block AJAX calls of the live search.

Solution

  1. You need to log in to your Sucuri panel https://login.sucuri.net
  2. Go to the settings
  3. Find section Access Control → whitelist URL
  4. Add the following URL to the white list:
https://your-domain.com/wp-content/plugins/ajax-search-for-woocommerce-premium/includes/Engines/TNTSearchMySQL/Endpoints/search.php

WP Defender by WPMU DEV

Reason

The WP defender may disable PHP execution from the plugins directory. Then AJAX calls of the live search will be blocked.

Solution

Go to DefenderRecommendationsActionedPrevent PHP execution and add the search.php file as an exception.

Still not working?

Some security plugins don’t clean up after themselves. Try to check manually if you have security rules added to /wp-content/.htaccess or /wp-content/plugins/.htaccess.

NGINX configuration blocks AJAX endpoint

Certain NGINX configurations may prevent the execution of PHP files located directly within the plugins directory. There is no universal solution, as the issue depends on the specific NGINX configuration in use.

We suggest reaching out to your hosting provider to request permission to execute the following file:

https://your-domain.com/wp-content/plugins/ajax-search-for-woocommerce-premium/includes/Engines/TNTSearchMySQL/Endpoints/search.php

There are a few samples of NGINX config which have helped other users.

  1. Adding extra rules to /usr/local/nginx/conf/wpsecure_${vhostname}.conf
# Whitelist Exception for FiboSearch endpoint
location ~ ^/wp-content/plugins/ajax-search-for-woocommerce-premium/includes/Engines/TNTSearchMySQL/Endpoints/ {
  include /usr/local/nginx/conf/php.conf;
}

The ultimate solution when nothing else works

There is a separate guide for cases where the search endpoint URL is still blocked.