Join the community today
Become a Member

Wordpress 403 forbidden when executing some php scripts

Discussion in 'Blogs & CMS usage' started by paddy, Mar 21, 2016.

  1. paddy

    paddy New Member

    27
    0
    1
    Nov 27, 2014
    Ratings:
    +0
    Local Time:
    8:20 PM
    1.7.7
    MariaDB 5.5
    hi eva greetz! ,

    i got some php that cant be execute , it says 403 forbidden , i've chwon -R nginx:nginx to new install wordpress and also i tried to chmod 777 but not succeed.

    i can open my wordpress sites , only some of the php cant be load
    here is the screenshoot

    Screenshot by Lightshot


    thank you before Eva.
     
  2. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,858
    Local Time:
    11:20 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    1. How did you install wordpress ?
    2. What wordpress plugin does the url or php belong to ?
    3. Which Centmin Mod version 123.08stable or 123.09beta01 ?
    4. Was it via centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer (WP Super Cache) ? If so the default wpsecure conf file at /usr/local/nginx/conf/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security
    Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.
     
    Last edited: Mar 21, 2016
  3. paddy

    paddy New Member

    27
    0
    1
    Nov 27, 2014
    Ratings:
    +0
    Local Time:
    8:20 PM
    1.7.7
    MariaDB 5.5
    1. installed from centmin option
    2. its not a plugins its a wordpress themes , it's ecommerce themes ,
    3. Centmin Mod 1.2.3-eva2000.08
    4 yes its via option 22 , i've tried to disable include /usr/local/nginx/conf/wpsecure_domain but still no luck

    # Block PHP files in content directory.
    #location ~* /wp-content/.*\.php$ {
    # deny all;
    #}
     
  4. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,858
    Local Time:
    11:20 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    what's the actual specific url link that is being blocked ?
     
  5. paddy

    paddy New Member

    27
    0
    1
    Nov 27, 2014
    Ratings:
    +0
    Local Time:
    8:20 PM
    1.7.7
    MariaDB 5.5
    solved it eva

    added this

    location ~ ^/wp-content/themes/themesname/ {
    include /usr/local/nginx/conf/php.conf;
    }

    # Block PHP files in uploads, content, and includes directory.
    location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
    deny all;
    }

    403 forbidden gone away now , thanks for your help mate! you RoCK!
     
  6. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,858
    Local Time:
    11:20 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ah i see the specific theme had php files included itself !