We notice several conflicts with popular security plugins.
Table of Contents
- iThemes Security
- Sucuri Security
- WP Defender by WPMU DEV
- Still not working?
- NGINX configuration blocks AJAX endpoint
- The ultimate solution when nothing else works
iThemes Security
Reason
When the Security → Settings → Advanced → System Tweaks → Disable PHP in Plugins option is enabled, all AJAX calls of the live search will be blocked.
Solution
You could disable this option, but we have a more secure solution. After saving this option, iThemes Security adds the following code to your .htaccess file:
This line requires a small change to make it work with FiboSearch. We have to exclude the FiboSearch endpoint path from the RewriteRule. Follow these steps:
Step 1 – Add a custom code
You can add the code in two ways:
- Open the
functions.phpin your child theme and add the code at the end - Install the Code Snippets plugin and apply this code as a snippet.
add_filter( 'itsec_filter_apache_server_config_modification', function ( $modification ) {
$modification = str_replace( 'RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]', 'RewriteRule ^wp\-content/plugins/(?!ajax\-search\-for\-woocommerce\-premium/includes/Engines/TNTSearchMySQL/Endpoints/search\.php).*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]', $modification );
return $modification;
}, PHP_INT_MAX - 5 );
Step 2 – Save the iThemes security settings again
Go to Security → Settings → Advanced → System Tweaks → Uncheck the option “Disable PHP in Plugins” and save the settings. Immediately after this step, check it again and save the settings one more time. Thanks to this, iTheme security should add a changed version of RewriteRule in your .htaccess file.
As a result, your website will be protected against PHP execution in the plugins directory, but the FiboSearch endpoint will be excluded from these restrictions.
Sucuri Security
Reason
The Sucuri security firewall may block AJAX calls of the live search.
Solution
- You need to log in to your Sucuri panel https://login.sucuri.net.
- Go to the settings
- Find section Access Control → whitelist URL
- Add the following URL to the white list:
https://your-domain.com/wp-content/plugins/ajax-search-for-woocommerce-premium/includes/Engines/TNTSearchMySQL/Endpoints/search.php
WP Defender by WPMU DEV
Reason
The WP defender may disable PHP execution from the plugins directory. Then AJAX calls of the live search will be blocked.
Solution
Go to Defender → Recommendations → Actioned → Prevent PHP execution and add the following "search.php” file as an exception
Still not working?
Some security plugins don’t clean up after themselves. Try to check manually if you have security rules added to, for example, .htaccess in the following paths:
wp-content/.htaccess
wp-content/plugins/.htaccess
NGINX configuration blocks AJAX endpoint
Some nginx configurations may block the execution of PHP files included directly in the plugins directory. There is no one solution. It just depends on your NGINX configuration.
We recommend contacting your hosting provider and asking permission to execute the following file:
https://your-domain.com/wp-content/plugins/ajax-search-for-woocommerce-premium/includes/Engines/TNTSearchMySQL/Endpoints/search.phpThere are a few samples of nginx config which have helped other users.
- Adding extra rules to
/usr/local/nginx/conf/wpsecure_${vhostname}.conf
# Whitelist Exception for FiboSearch endpoint
location ~ ^/wp-content/plugins/ajax-search-for-woocommerce-premium/includes/Engines/TNTSearchMySQL/Endpoints/ {
include /usr/local/nginx/conf/php.conf;
}
The ultimate solution when nothing else works
There is a separate guide for cases where the search endpoint URL is still blocked.