Recently updated to WordPress 4.9.9 or 5.0.1 and your CSV file imports for Store Locator Plus® stopped working? It is now fairly common to see a “file type is not permitted” error when uploading files. You can thank yet another “WordPress security feature” — also known as “backwards compatibility break”. This “update” came with absolutely no warning to plugin developers.
This does not affect our Store Locator Plus® SaaS users thanks to our fully managed software stack, so they can rest easy and continue to import locations.
The basic configuration of Google API Keys tells you to turn off ALL restrictions on the first API key you setup with Google. Turns out a lot of people have issues with configuring the keys properly and getting them put in the right place.
To make matters more complicated, some lower-end web hosting companies don’t understand security and in turn shut off critical web services that do nothing to improve security; Like disabling all communication between the web server and Google. That breaks things like the ability to Geocode locations in Store Locator Plus®.
This article is here to tell our WordPress plugin users how to properly secure their Google API keys for web hosts are configured properly.
Security Through Anonymity
Prior to Store Locator Plus® 5, every time a user visited your map page and typed in an address to be searched — typically the zip code for their town or their home address, this request was sent directly to Google. That means Google now has all kinds of great information they are going to store about your site visitors. They know that the user visited your site, when they visited, that they were looking at your location map, and the address where they were looking for your shop.