Admin email exposed in front end javascript

  • Resolved 1WL Agency

    (@ts1wl)


    5 years, 6 months ago

    Is there any reason that the administrator email for the website is exposed in the front end javascript?

    In the variable gmwVars there is a parameter nominatim_email which contains the websites wordpress administrators email?

    Aside from being a bit of a security issue, I am recieving an increasing amound of SEO spam for the client website. I suspect they scape websites to find email addresses and sell them on to these ‘seo’ companies.

    This plugin works great and I will continue to use it, but I just wanted to see if there was a way of removing the email from the source code.

Viewing 1 replies (of 1 total)
  • Plugin Author Eyal Fitoussi

    (@ninjew)

    5 years, 5 months ago

    Hello @ts1wl,

    We need to provide an email address ( instead of an API key ) when using Nominatim and LeafLet as the geocoding/mapping provider. And when passing the email address to the script, it gets populated on the page ( hidden from the front-end user of course ).

    It might still work without an email address in the Settings page, so you can give it a try. Navigate to the dashboard -> GEO my WP -> Settings -> Maps & Geocoders and remove the email address.

    I hope this helps.

    • This reply was modified 5 years, 5 months ago by Eyal Fitoussi.
Viewing 1 replies (of 1 total)

The topic ‘Admin email exposed in front end javascript’ is closed to new replies.