Wordpress Social login plugin trouble

Installed wp via option 22.

Tried to install social login plugin WishList Member Social Login and Registration | WLM Social and just can't make it to work.
Contacted the developer. Here is what he is saying:

------------------------------------------
I was just about to reply to you. After hours of researching and testing we discovered that it is your server security that doesn’t allow for some of the social networks to post back to your site and this is why the plugin is not working for you. Unfortunately, this is not in the ream of our support and we can not help you out.

here is a link that you can use as example: http://www.mydomain.com/wp-content/plugins/wlm-social/hybridauth/?hauth.done=Google
This link needs to be hit back by Google’s API so that we can authenticate the user to your site. instead we get a 403 Access Denied by nginx.
---------------------------------------------------


Can someone please advise how I should tweak the nginx conf file?

Thank you.

---

 

also just tried to update wp to 4.4 without luck via wp admin dashboard. wtf?

 

Never mind it was the cache + nginx and php-fpm needed to be restarted.

 

Code:

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}

# Block PHP files in content directory.
location ~* /wp-content/.*\.php$ {
  deny all;
}

# Block PHP files in includes directory.
location ~* /wp-includes/.*\.php$ {
  deny all;
}

# Block PHP files in uploads, content, and includes directory.
location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
  deny all;
}

# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
{
return 444;
}

#nocgi
location ~* \.(pl|cgi|py|sh|lua)$ {
return 444;
}

#disallow
location ~* (w00tw00t) {
return 444;
}

location ~ /(\.|wp-config\.php|wp-config\.txt|readme\.html|license\.txt) { deny all; }

 

Here is the actual link:

http://www.feedgi.com/wp-content/plugins/wlm-social/hybridauth/?hauth.done=Google

 

Tried the above even before you suggested but still no luck ((

permissions are 750 for wp-content and 755 are for wlm-social
Tried changing 750 to 755 still getting 403 (((

 

Found this in both, should I comment it?

Code:

# prevent access to ./directories and files
location ~ (?:^|/)\. {
deny all;
}

 

Ok, I commented it out, but it did not change anything.

And only when I commented the following in wpsecure_domain.com.conf it worked:

Code:

# Block PHP files in content directory.
# location ~* /wp-content/.*\.php$ {
#  deny all;
# }

# Block PHP files in uploads, content, and includes directory.
# location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
#  deny all;
# }

Now, the question is how safe is it to keep it commented out?

 

Tried to uncomment the one you mentioned and adding your suggested code for exclusion (both variants) - 403 error comes back (.

 

Finally working. Thanks a lot man for your prompt support.

You and centminmod are the best