
Domain Allowlist (WordPress)

What is the Domain Allowlist?

The Domain Allowlist is a security setting that controls which domains are permitted to load and use your ExpertRec search widget. When the allowlist is active, requests to the ExpertRec search API that originate from a domain not on the list are blocked. This prevents unauthorized sites from embedding your widget and consuming your plan quota.

This setting is found under Search Settings in the WordPress version of ExpertRec and is particularly important for WordPress multisite installations or stores that operate under more than one domain name.

Where to Find This Setting

In your ExpertRec control panel, navigate to Search Settings > Domain Allowlist. The route is /ecom/search-settings/domain-allowlist. This menu item appears in the WordPress sidebar.

How to Add Domains

  1. Navigate to Search Settings > Domain Allowlist.
  2. Click Add Domain.
  3. Enter the domain in the format example.com (without https:// or trailing slashes). Subdomains must be added separately: shop.example.com and example.com are treated as distinct entries.
  4. Click Save. The domain is immediately added to the allowlist.

WordPress Multisite Considerations

On a WordPress multisite network, each sub-site may be served from its own subdomain (for example, store1.example.com and store2.example.com) or a separate domain entirely. Add every domain and subdomain that hosts an ExpertRec-powered search bar to the allowlist; otherwise, searches on those sub-sites will fail silently.

  • Add each sub-site domain as a separate entry.
  • Include both the www and non-www versions of each domain if your site serves both.
  • If you use a staging or development domain, add it too so you can test search before deploying to production.

Allowlist Disabled vs. Enabled

  • Allowlist disabled (default): Any domain that knows your ExpertRec site ID can load the widget. Convenient for initial setup and testing.
  • Allowlist enabled: Only listed domains can use the widget. Recommended for live production stores to prevent quota abuse.

Troubleshooting

  • Search not loading on your site: Open your browser developer console and look for a blocked request to the ExpertRec API. If you see a 403 Forbidden response, your domain is not on the allowlist. Add it and reload.
  • Works on one subdomain but not another: Each subdomain must be listed individually. Wildcard entries (for example, *.example.com) are not supported.
  • Changes not taking effect: The allowlist is applied in real time. If search is still blocked after saving, clear any CDN or browser cache in front of your site.
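
The entry rules above (bare hostname, every subdomain and www variant listed separately, no wildcards) can be checked before the allowlist is enabled. The script below is an added example, not ExpertRec code: the function names and sample hostnames are constructed, and it assumes entries are matched as exact hostnames, as this page describes.

```javascript
// Added example: pre-flight audit of allowlist entries (not ExpertRec code).
// Assumption: entries match exact hostnames only, as this page describes.

// Reduce a site URL or bare domain to the bare-hostname form the allowlist expects.
function toAllowlistEntry(input) {
  const raw = String(input).trim().toLowerCase();
  if (raw === "" || raw.includes("*")) return null; // wildcards are not supported
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//.test(raw);
  try {
    // URL parsing discards scheme, port, path and trailing slash.
    return new URL(hasScheme ? raw : "https://" + raw).hostname.replace(/\.$/, "");
  } catch {
    return null; // not parseable as a hostname
  }
}

// Compare the entries you plan to save with every URL that serves a search bar.
function auditAllowlist(entries, siteUrls) {
  const invalid = [];   // cannot be used at all (wildcards, unparseable text)
  const reformat = [];  // right host, wrong format: re-enter as `suggested`
  const allowed = new Set();
  for (const entry of entries) {
    const host = toAllowlistEntry(entry);
    if (host === null) invalid.push(entry);
    else if (host !== entry.trim().toLowerCase()) reformat.push({ entry, suggested: host });
    else allowed.add(host);
  }
  const missing = [];   // hostnames whose searches would be blocked
  for (const site of siteUrls) {
    const host = toAllowlistEntry(site);
    if (host !== null && !allowed.has(host) && !missing.includes(host)) missing.push(host);
  }
  return { invalid, reformat, missing };
}

// Constructed sample data for a multisite network.
const sampleEntries = ["example.com", "https://shop.example.com/", "*.example.net"];
const sampleSites = [
  "https://example.com/",
  "https://www.example.com/",
  "https://shop.example.com/search?q=shoes",
  "https://store1.example.com",
  "http://staging.example.com:8080/",
];
console.log(JSON.stringify(auditAllowlist(sampleEntries, sampleSites), null, 2));
```

An empty `missing` list means every hostname that serves search has an exact entry; anything under `reformat` or `invalid` should be corrected before saving.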