Wordpress Certain static files: "expiration not specified"

Having trouble understanding why some static files are not setting their Cache-Control and Expires headers.

Working:



Not working:


I noticed that all of the files that are having this issue are within the themes directory.

---

Any ideas?

 

I did modify it, only the expire time as a test just to see if it would make any difference. Ill paste the configs shortly.

 

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html

# redirect from non-www to www
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
#server {
#            listen   80;
#            server_name domain.com;
#            return 301 $scheme://www.domain.com$request_uri;
#       }

server {

  server_name domain.com www.domain.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain.com/log/error.log;

  root /home/nginx/domains/domain.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  #include /usr/local/nginx/conf/wpincludes/domain.com/wpcacheenabler_domain.com.conf;
  #include /usr/local/nginx/conf/wpincludes/domain.com/wpsupercache_domain.com.conf;
  # https://community.centminmod.com/posts/18828/
  include /usr/local/nginx/conf/wpincludes/domain.com/rediscache_domain.com.conf;

  location / {
  include /usr/local/nginx/conf/503include-only.conf;


  # Enables directory listings when index file not found
  #autoindex  on;

  # for wordpress super cache plugin
  #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;

  # for wp cache enabler plugin
  #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;

  # Wordpress Permalinks
  #try_files $uri $uri/ /index.php?q=$uri&$args;

  # Nginx level redis Wordpress
  # https://community.centminmod.com/posts/18828/
  try_files $uri $uri/ /index.php?$args;

  #W3TC
  #try_files /wp-content/cache/page_enhanced/${host}${cache_uri}_index.html $uri $uri/ /index.php?$args ;

  }

location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    #limit_conn xwpconlimit 30;
    #auth_basic "Private";
    #auth_basic_user_file /home/nginx/domains/domain.com/htpasswd_wplogin;
    #include /usr/local/nginx/conf/php-wpsc.conf;
    # https://community.centminmod.com/posts/18828/
    include /usr/local/nginx/conf/php-rediscache.conf;
}

location ~* /(xmlrpc\.php) {
    limit_req zone=xwprpc burst=45 nodelay;
    #limit_conn xwpconlimit 30;
    #include /usr/local/nginx/conf/php-wpsc.conf;
    # https://community.centminmod.com/posts/18828/
    include /usr/local/nginx/conf/php-rediscache.conf;
}

  include /usr/local/nginx/conf/wpincludes/domain.com/wpsecure_domain.com.conf;
  #include /usr/local/nginx/conf/php-wpsc.conf;
  # https://community.centminmod.com/posts/18828/
  include /usr/local/nginx/conf/php-rediscache.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;

}

Code:

# prevent .zip, .gz, .tar, .bzip2 files from being accessed by default
# impossible for centmin mod to know which wp backup plugins they installed
# which may save backups to directories in wp-content/
# such plugins may deploy .htaccess protection but that isn't supported in
# nginx, so blocking access to these extensions is a workaround to cover all bases
location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$ { deny all; }

location ~ ^/wp-content/updraft { deny all; }

location ~ ^/(wp-includes/js/tinymce/wp-tinymce.php) {
  include /usr/local/nginx/conf/php.conf;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}

# Whitelist Exception for https://wordpress.org/plugins/sparkpost/
location ~ ^/wp-content/plugins/sparkpost/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/sendgrid-email-delivery-simplified/
location ~ ^/wp-content/plugins/sendgrid-email-delivery-simplified/ {
  include /usr/local/nginx/conf/php.conf;
}
# Whitelist Exception for https://wordpress.org/plugins/sendgrid-email-delivery-simplified/
location ~ ^/wp-content/themes/soledad/soundoff-data.php {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/mailgun/
location ~ ^/wp-content/plugins/mailgun/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/mailjet-for-wordpress/
location ~ ^/wp-content/plugins/mailjet-for-wordpress/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/easy-wp-smtp/
location ~ ^/wp-content/plugins/easy-wp-smtp/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/postman-smtp/
location ~ ^/wp-content/plugins/postman-smtp/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/sendpress/
location ~ ^/wp-content/plugins/sendpress/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wp-mail-bank/
location ~ ^/wp-content/plugins/wp-mail-bank/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/theme-check/
location ~ ^/wp-content/plugins/theme-check/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/woocommerce/
location ~ ^/wp-content/plugins/woocommerce/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/woocommerce-csvimport/
location ~ ^/wp-content/plugins/woocommerce-csvimport/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/advanced-custom-fields/
location ~ ^/wp-content/plugins/advanced-custom-fields/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/contact-form-7/
location ~ ^/wp-content/plugins/contact-form-7/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/duplicator/
location ~ ^/wp-content/plugins/duplicator/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/jetpack/
location ~ ^/wp-content/plugins/jetpack/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/nextgen-gallery/
location ~ ^/wp-content/plugins/nextgen-gallery/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/tinymce-advanced/
location ~ ^/wp-content/plugins/tinymce-advanced/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/updraftplus/
location ~ ^/wp-content/plugins/updraftplus/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wordpress-importer/
location ~ ^/wp-content/plugins/wordpress-importer/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wordpress-seo/
location ~ ^/wp-content/plugins/wordpress-seo/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wpclef/
location ~ ^/wp-content/plugins/wpclef/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/mailchimp-for-wp/
location ~ ^/wp-content/plugins/mailchimp-for-wp/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wp-optimize/
location ~ ^/wp-content/plugins/wp-optimize/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/si-contact-form/
location ~ ^/wp-content/plugins/si-contact-form/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/akismet/
location ~ ^/wp-content/plugins/akismet/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/bbpress/
location ~ ^/wp-content/plugins/bbpress/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/buddypress/
location ~ ^/wp-content/plugins/buddypress/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/all-in-one-seo-pack/
location ~ ^/wp-content/plugins/all-in-one-seo-pack/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/google-analytics-for-wordpress/
location ~ ^/wp-content/plugins/google-analytics-for-wordpress/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/regenerate-thumbnails/
location ~ ^/wp-content/plugins/regenerate-thumbnails/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wp-pagenavi/
location ~ ^/wp-content/plugins/wp-pagenavi/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wordfence/
location ~ ^/wp-content/plugins/wordfence/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/really-simple-captcha/
location ~ ^/wp-content/plugins/really-simple-captcha/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/wp-pagenavi/
location ~ ^/wp-content/plugins/wp-pagenavi/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/ml-slider/
location ~ ^/wp-content/plugins/ml-slider/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/black-studio-tinymce-widget/
location ~ ^/wp-content/plugins/black-studio-tinymce-widget/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/disable-comments/
location ~ ^/wp-content/plugins/disable-comments/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
location ~ ^/wp-content/plugins/better-wp-security/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
location ~ ^/wp-content/themes/soledad/ {
  include /usr/local/nginx/conf/php.conf;
}
# Whitelist Exception for http://wlmsocial.com/
location ~ ^/wp-content/plugins/wlm-social/ {
  include /usr/local/nginx/conf/php.conf;
}

# Whitelist Exception for mediagrid timthumb
location ~ ^/wp-content/plugins/media-grid/classes/ {
  include /usr/local/nginx/conf/php.conf;
}

# Block PHP files in content directory.
location ~* /wp-content/.*\.php$ {
  deny all;
}

# Block PHP files in includes directory.
location ~* /wp-includes/.*\.php$ {
  deny all;
}

# Block PHP files in uploads, content, and includes directory.
location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
  deny all;
}

# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
{
return 444;
}

#nocgi
location ~* \.(pl|cgi|py|sh|lua)$ {
return 444;
}

#disallow
location ~* (w00tw00t) {
return 444;
}

location ~* /(\.|wp-config\.php|wp-config\.txt|changelog\.txt|readme\.txt|readme\.html|license\.txt) { deny all; }
location ~* /(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z|txt)$ { deny all; }

I removed the /usr/local/nginx/conf/autoprotect/ include to rule it out.

 

Oh wow, I just figured it out, its because of the added location in wpsecure_domain.com.conf

Code:

# Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
location ~ ^/wp-content/themes/soledad/ {
  include /usr/local/nginx/conf/php.conf;
}

Just changed it to

Code:

# Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
location ~ ^/wp-content/themes/soledad/ {
  include /usr/local/nginx/conf/php.conf;
    add_header Access-Control-Allow-Origin *;
  add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        access_log off;
        expires 30d;

}

Thanks for opening my eyes

 

I did yeah a while back yeah, we were getting forbidden errors coming from the themes directory. Thanks for your help as usual