Google Server (Browser) Key for WPSLP

Get  Google API Keys

This section pertains to the WordPress Store Locator Plus plug-in   which is the free base plugin for those WordPress administrators who are controlling the plugin and updates.  If you are a subscriber to  MySLP, our fully managed locator SaaS service, you can ignore this page.

Before you get started you will need to get a Google Maps Javascript API Key.

Please note, there are some misleading instructions in the Google developer console telling you to  create a browser-restricted API key when you move your site to production. You do not need to include any restrictions  but if you do then you will also need a second unique key to add in the second field under the SLP/General settings the Geocoding API key.  Either way you must “enable” both the Maps  and Geocoding APIs. Updates to how Google APIS are deployed and the explanation can be found in Google Platform  When you create your project , obtain  your Maps Javascript API  .  The geocoding API is now contained under the “Places” API. The APIS you will need  are now contained under Maps, and Places.  Check to see that both boxes are enabled for your project. View the support documents under Google Product updates for more information. They have added many different APIs. The ones you need for WPSLP to work properly are the two in the screenshot below, referred to as Maps Javascript and geocoding (not to be confused with geolocation). The Geocoding API  converts addresses into geographic coordinates (geocoding), which you can use to place markers or position the map. This API also allows you to convert geographic coordinates into an address (reverse geocoding).

Step 1: Go To the Google Developer Site

Google Geocoding and Browser keys

This article effects the WordPress StoreLocatorPlus  users “Do it yourself “

MAP Service and API Keys

Changes as of June 11, 2018 will effect the WordPress Store Locator Plus (DIY) community.  Google requires all sites  using map services to have an API key with a billing account attached. See Google Developers console.

The Browser key is used to display the map and handle user-input addresses during a location search.  The Geocoding API  is used on your WordPress server to geocode locations you’ve entered via the Google “Places” box and  APIs. You do not need the additional geocoding “key”   unless you have added referrer restrictions.  You do however, need to have the geocoding API enabled in your Google projects library.

General Settings

There are settings under the General tab for Admin , User Interface, Server, and Data. This documentation has been updated to reflect the Google API changes

Admin

The Admin tab is where your SLP Premier subscription Accounts ID , Add-on packs User info , and Update Notices are located. There is also a Reset Manage Locations button available for use to reset the back end Manage Locations  display page to the default view (10 locations per  page view). This feature was previously only available with the free SLP  Janitor Add-on.
2016general-admin
There is also a Locations management option  to Highlight the locations that are not geo-coded on the Panel that displays your entered locations.

Blocking Locator Requests By Query Volume

Premier Members with an active subscription and MySLP Enterprise level users can restrict the number of locator queries that can be made by a single IP address.   This feature can help prevent “location list theft” where a competitor uses the locator to scrape location information from a website or JavaScript query.

Note: In order to enable these settings you must enter your Premier Subscription user ID and Subscription ID under the General / Admin tab.  When entered correctly the notice under “Add On Packs , Subscription Accounts” will tell you your subscription is validated.   This feature is only functional while your subscription is active.

Entering subscription data for Premier Subscriptions. A valid subscription will look similar to the status notification here.

When your subscription has been validated you will see new options available to you under several Store Locator Plus tabs.    The new Security settings will appear under the General tab, Server subtab as shown below.

New security settings for blocking locator requests based on volume of queries.

Block Requests Limit

This is the maximum number of location searches a user can perform within the Block Requests Time Span before their IP address is blocked from all locator requests.

This should be set to an integer value greater than 0.

The first page load request from an IP address is always allowed, even if this setting is 0.

If this is set to “2” and the Block Request Time Span is set to “Hour” the system will allow 2 location searches before the IP address is blocked.

The initial loading of the locator page will count as a “search” if you have the default “show locations at startup” enabled.

Changing this parameter will not release already-blocked IP addresses.

Block Requests Time Span

This setting determines over which period of time the locator request limit is checked.   A user that has more than the Block Requests Limit number of locator searches performed in this time period will cause their IP address to be blocked from future location searches until their IP is “released” from the block list.

Setting this value to Never will disable the IP blocking system.

Changing this parameter will not release already-blocked IP addresses.

Release IP After

This is the maximum amount of time a request is “remembered” for a given IP address.   Once this amount of time has passed since the most recent location request that triggered the block the IP address is “released” and once again free to perform location searches.

IP Whitelist

A list of IP addresses that will not be tracked by the blocker.   This allows unlimited location lookups from these IP addresses.

Each address entry should be on a separate line.

Uses standard Classless Inter-Domain Routing (CIDR) format.   Typical entries include:

  • Whitelist a specific IP address: 192.168.1.1
  • Whitelist an entire C-class block: 192.168.1.0/24

Related Notes

Keep in mind that an IP address is not a unique “user” or “computer”.  Many locations share an IP address such as a hotel or your local Starbucks.    The limitations will apply to the entire group of users from the same shared IP address.

Once an IP address has been blocked, subsequent location requests are not tracked until the block has been released.  This design lessens the server load in both volume of data stored and data I/O requests.   It helps alleviate issues from possible denial-of-service type attacks where a bot loading requests in rapid succession could overwhelm the data storage and/or database I/O processing.

 

 

Blocking Locator Requests was added in the Premier Plugin version 4.7.11.