Welcome to Centmin Mod Community
Register Now

Wordpress WordPress: Failed to Load Plugin URL

Discussion in 'Blogs & CMS usage' started by bruno, Apr 14, 2018.

  1. bruno

    bruno Member

    65
    4
    8
    Oct 14, 2016
    Ratings:
    +9
    Local Time:
    6:23 PM
    It seems that centminmod is blocking one of my WP plugins.

    On the wp admin area, I'm getting the error:

    Failed to load plugin url: https://mydomain.com/wp-content/plugins/thepluginname/admin/phpfile.php

    I've tried to change the permissions for the file to 755, but that didn't make any difference

    Any idea how to resolve? :)

    Thanks in advance
     
  2. eva2000

    eva2000 Administrator Staff Member

    35,132
    7,753
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,956
    Local Time:
    3:23 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Centmin Mod values security and puts additional measures in place so that end users are also mindful of security. So in your case, you might need to whitelist or unblock the WP plugins related to your 403 permission denied messages.

    If you used centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer, the default wpsecure conf file at /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security

    Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.
    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
     
  3. bruno

    bruno Member

    65
    4
    8
    Oct 14, 2016
    Ratings:
    +9
    Local Time:
    6:23 PM
    Thanks for replying!

    So if I wanted to exclude the directory /wp-content/plugins/thepluginname/ from autoprotect.sh which code would i need to add to
    /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf ?

    Cheers
     
  4. eva2000

    eva2000 Administrator Staff Member

    35,132
    7,753
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,956
    Local Time:
    3:23 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    is the plugin directory listed in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf as a location context match ? if so that means tools/autoprotect.sh issue so can setup a bypass file to skip including it in that include file as outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all

    if isn't included in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf, then it's related to the default wpsecure conf file at /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security

    Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.
     
  5. bruno

    bruno Member

    65
    4
    8
    Oct 14, 2016
    Ratings:
    +9
    Local Time:
    6:23 PM
    Ah that fixed it

    For reference, I edited the wpsecure file /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf

    and added:

    location ~ ^/wp-content/plugins/thepluginname { allow all; include /usr/local/nginx/conf/php.conf; }


    :)
     
    • Like Like x 1
  6. eva2000

    eva2000 Administrator Staff Member

    35,132
    7,753
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,956
    Local Time:
    3:23 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    That's it. Yup fine grain security and control over what wordpress plugins you decide to allow at it's best :)
     
  7. bruno

    bruno Member

    65
    4
    8
    Oct 14, 2016
    Ratings:
    +9
    Local Time:
    6:23 PM
    Hmm the plugin still has issues on the frontend though - is there a way to disable wpsecure?
     
  8. eva2000

    eva2000 Administrator Staff Member

    35,132
    7,753
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,956
    Local Time:
    3:23 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    did you restart both nginx and php-fpm services after making changes ?

    what specific frontend issues ? if you check nginx access.log and error.log logs for further clues as other urls might be blocked
     
..