I have a website on WordPress with SSL installed through Cloudflare. My server has a Windows/IIS operating system.
I have a issue on the WP-INCLUDES folder returning error 403 with several WordPress and Template functions not working.
I would like to know if any of you guys know how to fix this issue and could help me. I’ve already set all permissions on IIS but without success.
If you need more details you can check the website on www.sospdf.com.br.
Thank you very much.
What are you trying to do with the wp-includes folder? I believe it is common for wp-includes to be forbidden as it can be a security liability. If you're changing something in the wp-includes folder you may want to do this through SFTP.
If pages other than /wp-includes/ are returning 403 or forbidden here are some of the most common causes:
1.) 403 caused by a wordpress plugin, particularly a poorly configured security plugin. Deactivate plugins and reactivate one at a time
2.) Corrupt .htaccess file. Download your .htaccess file via FTP so you have a back up copy. Delete .htaccess from your server and then generate a new
.htaccess by logging into your theme admin and going to settings >> permalinks
3.) Check file permissions (which is seems like you did)
More information on the rationale behind why it might be better for your WP-INCLUDES folder to return 403 can be found in the Wordpress Codex on hardening wordpress in the WP-INCLUDES section.
Related
I've a WordPress site hosted on OpenShift and I can't access my admin login page. When going to the /wp-admin or /wp-login.php pages I get a 404 / "page not found" error.
WordPress forum suggestions have advised deleting the .htaccess file at the app's root and the app shout reset the file granting me access. Because OpenShift uses a different directory structure, I can't find the correct .htaccess file specific to WordPress.
Can anyone advise?
Your .htaccess file should still be located with the core wordpress files, are you accessing the server via sftp? Are you viewing hidden files?
Should be located in /app-root/data/current/
I have no access to my FTP but I'm able to edit the web through Wordpress. Is there any way I could perhaps generate the .htaccess file through the admin framework? I know there might be a plugin to do that, but bear in mind I have no FTP access and the plugins require it to be installed.
I need the .htaccess file to redirect the user to another site.
I know this might strike you as weird and stupid, but this is due to the company's central decision to keep the site hosted by, I guess, a "friendly" hosting company. There's no way of recovering the login/password for FTP, so this might be the only solution.
Please, try posting constructive comments only, no "contact the hosting company". If I could, I would.
If your hosting company has set up wordpress correctly, then there is no way to do this, because unix permissions should make .htaccess read-only to the owner of the web server.
If the company has not done this, and if you have a way to change the templates, you might have success by creating a template that contains php code to open and write the .htaccess file.
Sample code to be put at the top of the header.php:
echo 'Current dir: ',getcwd(),"<br>\n";
if ($handle=opendir('.')) {
while (($file=readdir($handle))!==false) {
$ok=(is_writable($file) ? "ok" : "can't write");
echo "file '$file': $ok<br>\n";
}
closedir($handle);
}
This is to test you're in the root directory of your wordpress installation. It should give you the current directory, a list of all files in that directory (expect .htaccess, index.php, and various wp-* files), and their writability.
Once you've checked everything is correct, add
file_put_contents('.test', "RewriteEngine On\nRewriteRule ^(.*)$ site.com$1 [R=301,QSA,L]\n");
echo("<code><pre>-------- included file starts here\n");
include(".test");
echo("-------- included file ends here</pre></code>\n");
to the php code. This writes to a test file and includes it so you can check if everything is ok. When you've checked the file contents, replace .test with .htaccess.
WARNING: You should be VERY sure about the content of .htaccess. file_put_contents doesn't append the new string, it overwrites the whole file. Once you've written a bad .htaccess file, you might not be able to ever change it again, because the web server will redirect you to the new site instead of executing the script on the old site.
I am sorry for your situation. What is the hosting company (will keep this in mind if I ever use them). To try to help:
Do you have access to CPanel? Most hosting providers give it out of the box. Cpanel has a file manager.
Research Wordpress file managers (http://wordpress.org/plugins/wp-filemanager/)
How to edit wordpress .htaccess file from hosting Cpanel: If you are currently unable to login in your wordpress dashboard, or facing 500 internal server error. There is 90% possibility that you were editing your .htaccess file from your wordpress dashboard. In this situation you can only fix your wordpress .htaccess file by editing it from cpanel. Editing .htaccess file from wordpress dashboard is little risky with .htaccess editor plugins. If you will implement any wrong code then you might face 500 internal server error and your site might crush. So first you should take a backup of your existing .htaccess file before editing it. If you have a backup of your wordpress .htaccess file then you can upload it through your hosting cpanel also.
https://howtoways.com/how-to-edit-wordpress-htaccess-file-from-hosting-cpanel/
My website is www.thetechgears.com,a pop-up window opens up in the site leading to perfectmatch.com, but I am sure I haven't installed any ad-code, especially pop-up of this kind. I tried to figure out the location of the code but failed.
While the pop-up loads I could see some URL like anrdoezrs.net loading, this could be a hint in tracing.
Is the code located within database or somewhere else?
Check your .htaccess file in the root of your WordPress installation. Normally, when your wordpress has been compromised attackers inject code into the .htaccess file, which will redirect your site to other sites.
If your .htaccess file is clean, then check your index.php and header.php in your theme folder and also the index.php in your root folder.
I tried to figure out the malware ad-code, but couldn't locate it. So, I just re-installed everything and made the installation more secure by using WordPress security plugins like "All In One WP Security", "Better WP Security" and "Wordfence Security"
But be cautious while tweaking settings of these plugins, as over-tweaking may lock-out the site for admins too. Before installing, take a backup of your .htaccess file
I already tried to look for some solutions about this, but i didn't find any.. Maybe you guys can solve my problem.
I can't update my Wordpress page
Forbidden
You don't have permission to access /demo/myfolder/wp-admin/post.php on this server.
Apache Server at www.my-site.com Port 80
some say to delete my .htaccess file and refresh the page. that didn't work..
Right now here's the content of my .htaccess file
# BEGIN WordPress
# END WordPress
I also tried "wp-admin and right click on the very folder, give permission 777"
Internal Server Error File "/var/www/vhosts/my-site.com/httpdocs/demo/myfolder/wp-admin/post.php" is writeable by group suPHP 0.7.1
Thanks
If you have ftp access go to wp-admin and right click on the very folder, give permission 777 (if you are using Filezilla).
777 permissions are unnecessary and very insecure. See the docs at WordPress.org Changing File Permissions « WordPress Codex for the correct file/folder permission structures and how to change them with an FTP client.
If that doesn't work, ask your webhost.
I have a drupal installation in my document root, and a different application stored in one of the subdirectories.
The application in the subdirectory seems to work fine until such time as I enable htpasswd for that subdirectory. Once I enable the htpasswd protection, then reloading the url brings up the standard Drupal error message:
Page not found
The requested page could not be found.
Is there a way for me to prevent this happening, or perhaps telling drupal's htaccess file to completely ignore this subdirectory?
Just after posting this, I found the answer at http://www.chipkin.com/articles/how-to-use-htaccess-on-subfolders-with-drupal