Wordpress framework/theme question

2 possible factors

1st is if wordpress installed via centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer (WP Super Cache) ? If so the default wpsecure conf file at /usr/local/nginx/conf/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security

Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.

• Problem with timthumb security
• Wordpress - need help for woocommerce plugin
• Wordpress - Visual editor missing
• Wordpress - Social login plugin trouble
• Wordpress - Social login plugin trouble

2nd is if on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know

So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.

• Is it better to add an exeption for 127.0.0.1 for autoprotect rules? | Centmin Mod Community
• IP.Board - Query on autoprotect + IPB forums | Centmin Mod Community
• Wordpress - Akismet JS and CSS - Forbidden? | Centmin Mod Community