Get the most out of your Centmin Mod LEMP stack
Become a Member

Wordpress framework/theme question

Discussion in 'Blogs & CMS usage' started by hitman, Oct 26, 2016.

  1. hitman

    hitman Member

    110
    9
    18
    Jul 18, 2014
    Ratings:
    +13
    Local Time:
    7:38 AM
    hello
    i am using for a wp site theTheme.

    I installed wordpress through option 22, and i have whitelisted the 2 folders mentioned above in wpsecure_domainname.conf file.
    my question is, is there any other conf file made with option 22, i have to check to see if anything is blocked?
    (i am currently facing some issues with the theme and i am trying to exclude that these are server related problems)

    thank you for your time
     
    Last edited: Nov 4, 2016
  2. eva2000

    eva2000 Administrator Staff Member

    29,016
    6,585
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,775
    Local Time:
    2:38 PM
    Nginx 1.13.x
    MariaDB 5.5
    2 possible factors

    1st is if wordpress installed via centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer (WP Super Cache) ? If so the default wpsecure conf file at /usr/local/nginx/conf/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security

    Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.
    2nd is if on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
     
    • Like Like x 1