WordPress Marketo API calls | Community
Glenn_Green_Hat
Level 1
June 8, 2017
Question

WordPress Marketo API calls

  • June 8, 2017
  • 2 replies
  • 3040 views

We've installed the Marketo Forms and Tracking by HutchHouse. This is causing more than 60-70 API calls per second to the admin_ajax which slows down the entire site.

How can this be fixed?

The function being called is marketo_ajax_get_lead.


2 replies

SanfordWhiteman
Level 10
June 8, 2017

This vulnerability cannot be fixed while preserving functionality. Ultimately, this plugin -- like all API-consuming, user-facing widgets -- is not suitable for professional use. Any malicious user can easily rack up all your daily API calls (and a high-traffic site can exceed limits from legit use alone!).

Casey_Grimes2
Level 10
June 13, 2017

Hi Glenn,

There's a newer plugin that was released a few months ago I really quite like: it actually uses the REST API correctly to perform the same basic functionality.

Ultimate Marketo Forms — WordPress Plugins

SanfordWhiteman
Level 10
June 13, 2017

Does it really stop me from using all your API calls if I'm in the mood? How does it throttle while maintaining functionality?

Casey_Grimes2
Level 10
June 14, 2017

Well, I'd argue your first line there should be a WAF, adjusting your server's rate limits and modifying php.ini before even starting to worry about hardening a WordPress plugin, but let's entertain this thought.

Putting a basic PHP rate limiter to allow ajax_check_mkrto_lead() to be called once every couple of seconds (or better yet, just cookie the returned values) for prefill purposes wouldn't be that hard, and everything else uses standard Forms 2.0.

Though having user-defined rate limits on the REST API in general would be quite interesting. It's not as though separate users aren't being set up to monitor different access points as-is for the vast majority of folks.

For what it's worth, I did at least attempt to reach out to the author of this plugin a couple months ago and they didn't reply.
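The throttle-plus-cache idea from the reply above, written out as an added example (it is not code from either plugin mentioned in the thread): a WordPress admin-ajax handler that serves a cached lead first, then allows one upstream Marketo lookup per client every couple of seconds, so a burst of requests to admin-ajax.php cannot turn into a burst of API calls. The action name `mkto_prefill`, the `mkt_tok` parameter and `fetch_marketo_lead_placeholder()` are hypothetical stand-ins for the plugin's own names; it uses WordPress transients rather than a cookie for the cached values.

```php
<?php
// Added example, not the plugin's code: rate-limited, cached prefill lookup.
// fetch_marketo_lead_placeholder() stands in for the real Marketo REST call.

add_action( 'wp_ajax_nopriv_mkto_prefill', 'limited_mkto_prefill' );
add_action( 'wp_ajax_mkto_prefill', 'limited_mkto_prefill' );

function limited_mkto_prefill() {
    $window = 2;                        // seconds between upstream calls per client
    $cache  = 15 * MINUTE_IN_SECONDS;   // how long a looked-up lead is reused
    $token  = isset( $_GET['mkt_tok'] ) ? sanitize_text_field( wp_unslash( $_GET['mkt_tok'] ) ) : '';
    if ( '' === $token ) {
        wp_send_json_error( array( 'message' => 'missing token' ), 400 );
    }

    // 1. Cache first: repeated requests for the same lead never reach Marketo.
    $cache_key = 'mkto_lead_' . md5( $token );
    $lead      = get_transient( $cache_key );
    if ( false !== $lead ) {
        wp_send_json_success( $lead );
    }

    // 2. Per-client throttle. REMOTE_ADDR is the edge address; behind a
    //    reverse proxy or WAF, key on the address that layer forwards instead.
    $ip     = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $rl_key = 'mkto_rl_' . md5( $ip );
    if ( false !== get_transient( $rl_key ) ) {
        // Tell the caller to back off instead of spending an API call.
        header( 'Retry-After: ' . $window );
        wp_send_json_error( array( 'message' => 'rate limited' ), 429 );
    }
    set_transient( $rl_key, 1, $window );

    // 3. Only now spend a Marketo API call, and cache what comes back.
    $lead = fetch_marketo_lead_placeholder( $token );
    if ( is_wp_error( $lead ) ) {
        wp_send_json_error( array( 'message' => 'lookup failed' ), 502 );
    }
    set_transient( $cache_key, $lead, $cache );
    wp_send_json_success( $lead );
}

// Hypothetical placeholder for the plugin's real lead lookup.
function fetch_marketo_lead_placeholder( $token ) {
    return array( 'email' => '', 'firstName' => '', 'lastName' => '' );
}
```

The 429 responses also give you something to alert on: a client that keeps tripping the limit shows up in the access log without ever consuming your daily API quota.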