
Wordpress Visual editor missing.

Discussion in 'Blogs & CMS usage' started by harryneopotter, Feb 26, 2016.

  1. harryneopotter

    harryneopotter Member

    70
    3
    8
    Aug 16, 2015
    Ratings:
    +8
    Local Time:
    11:43 AM
    Nginx 1.9.3
    MariaDB 10.0
  2. harryneopotter

    harryneopotter Member

    Looks like all php files in /includes are blocked (wpsecure) .. any way to allow just this file?
     
  3. eva2000

    eva2000 Administrator Staff Member

    29,041
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,784
    Local Time:
    4:13 PM
    Nginx 1.13.x
    MariaDB 5.5
    If you used centmin.sh menu option 22 to auto install WordPress, see "Blank WordPress editor | Centmin Mod Community" for how to punch a hole in the deny 403 protection of WordPress to allow that editor. Centmin Mod 123.09beta01 does this automatically for common WordPress plugins that require php files to be run from wp-content/*. See "Beta Branch - update inc/wpsetup.inc pre-whitelist wp plugins | Centmin Mod Community" and the full example of changes for /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf, where vhostname is your domain name, at "update inc/wpsetup.inc pre-whitelist wp plugins · centminmod/centminmod@4137e28 · GitHub".

    So your new /usr/local/nginx/conf/wpsecure_${vhostname}.conf include file (where vhostname = your domain) will look like this.

    so replace your existing /usr/local/nginx/conf/wpsecure_${vhostname}.conf contents with the below copy and restart nginx and php-fpm service via
    Code:
    nprestart
    contents of /usr/local/nginx/conf/wpsecure_${vhostname}.conf
    Code:
    # Deny access to any files with a .php extension in the uploads directory
    # Works in sub-directory installs and also in multisite network
    location ~* /(?:uploads|files)/.*\.php$ {
      deny all;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/theme-check/
    location ~ ^/wp-content/plugins/theme-check/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/woocommerce/
    location ~ ^/wp-content/plugins/woocommerce/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/woocommerce-csvimport/
    location ~ ^/wp-content/plugins/woocommerce-csvimport/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/advanced-custom-fields/
    location ~ ^/wp-content/plugins/advanced-custom-fields/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/contact-form-7/
    location ~ ^/wp-content/plugins/contact-form-7/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/duplicator/
    location ~ ^/wp-content/plugins/duplicator/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/jetpack/
    location ~ ^/wp-content/plugins/jetpack/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/nextgen-gallery/
    location ~ ^/wp-content/plugins/nextgen-gallery/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/tinymce-advanced/
    location ~ ^/wp-content/plugins/tinymce-advanced/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/updraftplus/
    location ~ ^/wp-content/plugins/updraftplus/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wordpress-importer/
    location ~ ^/wp-content/plugins/wordpress-importer/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wordpress-seo/
    location ~ ^/wp-content/plugins/wordpress-seo/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wpclef/
    location ~ ^/wp-content/plugins/wpclef/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/mailchimp-for-wp/
    location ~ ^/wp-content/plugins/mailchimp-for-wp/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-optimize/
    location ~ ^/wp-content/plugins/wp-optimize/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/si-contact-form/
    location ~ ^/wp-content/plugins/si-contact-form/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/akismet/
    location ~ ^/wp-content/plugins/akismet/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/bbpress/
    location ~ ^/wp-content/plugins/bbpress/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/buddypress/
    location ~ ^/wp-content/plugins/buddypress/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/all-in-one-seo-pack/
    location ~ ^/wp-content/plugins/all-in-one-seo-pack/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/google-analytics-for-wordpress/
    location ~ ^/wp-content/plugins/google-analytics-for-wordpress/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/regenerate-thumbnails/
    location ~ ^/wp-content/plugins/regenerate-thumbnails/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-pagenavi/
    location ~ ^/wp-content/plugins/wp-pagenavi/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wordfence/
    location ~ ^/wp-content/plugins/wordfence/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/really-simple-captcha/
    location ~ ^/wp-content/plugins/really-simple-captcha/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/wp-pagenavi/
    location ~ ^/wp-content/plugins/wp-pagenavi/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/ml-slider/
    location ~ ^/wp-content/plugins/ml-slider/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/black-studio-tinymce-widget/
    location ~ ^/wp-content/plugins/black-studio-tinymce-widget/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/disable-comments/
    location ~ ^/wp-content/plugins/disable-comments/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for https://wordpress.org/plugins/better-wp-security/
    location ~ ^/wp-content/plugins/better-wp-security/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for http://wlmsocial.com/
    location ~ ^/wp-content/plugins/wlm-social/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Whitelist Exception for mediagrid timthumb
    location ~ ^/wp-content/plugins/media-grid/classes/ {
      include /usr/local/nginx/conf/php.conf;
    }
    
    # Block PHP files in content directory.
    location ~* /wp-content/.*\.php$ {
      deny all;
    }
    
    # Block PHP files in includes directory.
    location ~* /wp-includes/.*\.php$ {
      deny all;
    }
    
    # Block PHP files in uploads, content, and includes directory.
    location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
      deny all;
    }
    
    # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
    location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
      return 444;
    }
    
    #nocgi
    location ~* \.(pl|cgi|py|sh|lua)$ {
      return 444;
    }
    
    #disallow
    location ~* (w00tw00t) {
      return 444;
    }
    
    location ~* /(\.|wp-config\.php|wp-config\.txt|changelog\.txt|readme\.txt|readme\.html|license\.txt) { deny all; }
    but looks like i only pre-whitelisted tinymce-advanced and not tinymce
    Code:
    # Whitelist Exception for https://wordpress.org/plugins/tinymce-advanced/
    location ~ ^/wp-content/plugins/tinymce-advanced/ {
      include /usr/local/nginx/conf/php.conf;
    }
    so add an entry for tinymce above that one in the revised file
    Code:
    # Whitelist Exception for https://wordpress.org/plugins/tinymce/
    location ~ ^/wp-content/plugins/tinymce/ {
      include /usr/local/nginx/conf/php.conf;
    }
    or is TinyMCE Advanced — WordPress Plugins listed in directory as located at /wp-content/plugins/tinymce-advanced/ ?

    edit: oh i see wp-includes/js/tinymce/wp-tinymce.php is in wp-includes not wp-content so change and append to /usr/local/nginx/conf/wpsecure_${vhostname}.conf

    Code:
    # Whitelist Exception for wp-includes/js/tinymce/wp-tinymce.php
    location ~ ^/wp-includes/js/tinymce/ {
      include /usr/local/nginx/conf/php.conf;
    }
    btw, which plugin installs wp-includes/js/tinymce/wp-tinymce.php ? i can't find the file in tinymce-advanced plugin
     
    Last edited: Feb 27, 2016
  4. harryneopotter

    harryneopotter Member

    Whitelisting didn't help. So I had to comment out the denying rule in the file and it is working for now. Not sure which plugin adds it, can be the theme itself.
     
  5. eva2000

    eva2000 Administrator Staff Member

    i see.. at least you know what to do now :)
     
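
Every block in the wpsecure include file quoted in this thread is a regex location, and nginx tests regex locations in the order they appear and stops at the first match, so an exception placed after the `deny all` rules never takes effect. The following is an added example (not code from the thread or from Centmin Mod) that models that selection for the rules quoted above; `ALLOW_FILE` and the `OTHER` path are assumptions introduced for illustration.

```python
import re

# Regex locations modelled on the wpsecure include file quoted above:
# (modifier, pattern, action). "~" is case-sensitive, "~*" is not.
DENY_CONTENT = ("~*", r"/wp-content/.*\.php$", "deny")
DENY_INCLUDES = ("~*", r"/wp-includes/.*\.php$", "deny")
ALLOW_DIR = ("~", r"^/wp-includes/js/tinymce/", "php")
# Assumption: a single-file exception, not taken from the thread.
ALLOW_FILE = ("~", r"^/wp-includes/js/tinymce/wp-tinymce\.php$", "php")


def select(locations, uri):
    """Return the action of the first regex location matching uri.

    nginx tests regex locations in the order they appear in the
    configuration and stops at the first match.
    """
    for modifier, pattern, action in locations:
        flags = re.IGNORECASE if modifier == "~*" else 0
        if re.search(pattern, uri, flags):
            return action
    return "fallthrough"  # no regex matched; a prefix location would apply


EDITOR = "/wp-includes/js/tinymce/wp-tinymce.php"
# Constructed path standing in for any other PHP file in that directory.
OTHER = "/wp-includes/js/tinymce/plugins/example/other.php"

appended = [DENY_CONTENT, DENY_INCLUDES, ALLOW_DIR]    # exception last
dir_first = [ALLOW_DIR, DENY_CONTENT, DENY_INCLUDES]   # exception first
file_first = [ALLOW_FILE, DENY_CONTENT, DENY_INCLUDES]


def report():
    """Outcome for both URIs under each ordering."""
    orders = {"appended": appended, "dir_first": dir_first,
              "file_first": file_first}
    return {name: (select(locs, EDITOR), select(locs, OTHER))
            for name, locs in orders.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:10s} editor={result[0]:5s} other={result[1]}")
```

With the exception listed first, the directory-wide pattern sends every PHP file under `/wp-includes/js/tinymce/` to the PHP handler, while the single-file pattern keeps the deny rule in force for everything except the editor script.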