WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Thumbnail / Image Not Showing on Multisute subdomain (13 posts)

  1. xbiboy
    Member
    Posted 1 year ago #

    good day I had another issue with the images while uploading on the multisite it doesn't show the thumbnail and also the actual image it self I have tried to read some fixes here in the forum but it didn't work out our site is MST hope you can advice for a solution on this

    here are the things I have already did upon trouble shooting

    change the .htaccess to this

    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    but it didn't work out

    I have also change the File Permission to 775 , still didn't work

  2. Can you link directly to a post with the issue?

    Also what is the COMPLETE .htaccess file?

  3. xbiboy
    Member
    Posted 1 year ago #

    here is the link

    here is the .htaccess content

    # BEGIN WordPress
    
    # TURN OFF YOUR SERVER SIGNATURE
    ServerSignature Off
    
    Options -Indexes
    
    DirectoryIndex index.php index.html /index.php
    
    RedirectMatch 403 /\..*$
    
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # uploaded files
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
    
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]
    
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/adminer/ [NC]
    RewriteRule . - [S=12]
    # Comment Spam Pack MU Plugin - CAPTCHA images not displaying
    RewriteCond %{REQUEST_URI} ^/wp-content/mu-plugins/custom-anti-spam/ [NC]
    RewriteRule . - [S=11]
    # Peters Custom Anti-Spam display CAPTCHA Image
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/peters-custom-anti-spam-image/ [NC]
    RewriteRule . - [S=10]
    # Status Updater plugin fb connect
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/fb-status-updater/ [NC]
    RewriteRule . - [S=9]
    # Stream Video Player - Adding FLV Videos Blocked
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/stream-video-player/ [NC]
    RewriteRule . - [S=8]
    # XCloner 404 or 403 error when updating settings
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC]
    RewriteRule . - [S=7]
    # BuddyPress Logout Redirect
    RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC]
    RewriteRule . - [S=6]
    # redirect_to=
    RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC]
    RewriteRule . - [S=5]
    # Login Plugins Password Reset And Redirect 1
    RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC]
    RewriteRule . - [S=4]
    # Login Plugins Password Reset And Redirect 2
    RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
    RewriteRule . - [S=3]
    
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteRule . - [S=1]
    
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
    RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
    RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
    RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule . index.php [L]
    
    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all
    #Allow from xx.xx.xx.xx
    </FilesMatch>
    
    # END WordPress
    
    # BLOCK HOTLINKING TO IMAGES
    # To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html
    #RewriteEngine On
    #RewriteCond %{HTTP_REFERER} !^https?://(www\.)?manilastandartoday.com\.com [NC]
    #RewriteCond %{HTTP_REFERER} !^$
    #RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]

    some of the codes are generated by the security plugins

  4. Ow.

    Turn off your plugins first of all. They've screwed your .htaccess but GOOD.

    THEN revert to the DEFAULT .htaccess.

    http://codex.wordpress.org/Multisite_Network_Administration#.htaccess_and_Mod_Rewrite

    See if it works. If it does, we can start looking at the plugins.

    This is probably okay, but it should be put ABOVE the WordPress calls, never after:

    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all
    #Allow from xx.xx.xx.xx
    </FilesMatch>
    
    # BLOCK HOTLINKING TO IMAGES
    # To Test that your Hotlinking protection is working visit http://altlab.com/htaccess_tutorial.html
    #RewriteEngine On
    #RewriteCond %{HTTP_REFERER} !^https?://(www\.)?manilastandartoday.com\.com [NC]
    #RewriteCond %{HTTP_REFERER} !^$
    #RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ - [F]

    Also any plugin 'changes' to WP should be code OUTSIDE the WordPress lines. Preferably you put 'em in above, so they get checked first.

  5. xbiboy
    Member
    Posted 1 year ago #

    I disabled the 2 plugins that adds the additional code on our .htaccess, we use the Bulletproof Security and Better WordPress Security and the thumbnail is now showing what might cause the problem, need to secure our site

  6. xbiboy
    Member
    Posted 1 year ago #

    it's now working on some subdomain but there are still other subdomain that doesn't show the images hmmmmm weird.

  7. xbiboy
    Member
    Posted 1 year ago #

    Solved: I remove this line of code on the .htaccess it is generated by the BETTER WP SECURITY

    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
  8. Yeah, I can see that...

    Huh. Time to tag this one for that plugin so they know about the conflict!

  9. AITpro
    Member
    Posted 1 year ago #

    Yep that block of htaccess code is recommended on the WP Codex page for Hardening WordPress, but it does not work for MU Subdomain sites and in some cases MU Subdirectory sites. This .htaccess code was once included in BPS, but we discovered this same problem sometime last winter. The FilesMatch code in the BPS .htaccess file can go anywhere outside of the WP Rewrite loop. It is not an .htaccess directive that is dependent on rules or conditions and is "standalone" .htaccess code and go anywhere in .htaccess files.

  10. Would you document that in your readme FAQ? :)

  11. AITpro
    Member
    Posted 1 year ago #

    It's actually already documented here >>> http://www.ait-pro.com/aitpro-blog/3454/wordpress-tips-tricks-fixes/wordpress-network-mu-images-not-displaying-images-not-displaying-in-media-library-images-not-displaying-on-website/

    I try to keep the FAQ as simple as possible. ;) What i have found in the past is that when i add help info about past issues that no longer exist is that i end up getting a lot of emails or posted questions about that old help / FAQ info. It seems that if you mention something then you are just asking to be asked questions about it. LOL So since the issue is already handled I don't want to get asked questions about it. I think the post above is ranked fairly high in Google so if folks google it they will probably find that answer. ;)

  12. Think of it this way: If someone has a problem, the FIRST place we look is the plugin repo page.

    Does this work with netowork or multisite installations?
    Yes.

    If that answer is "yes, BUT..." then you should document that. Heck just saying "Yes, but please read [linked post]." would work :) Google ranks that page high, but the default assumption is always that the plugin repo page has the most accurate information. That's why they're there ;)

  13. AITpro
    Member
    Posted 1 year ago #

    Yes you are absolutely correct and i could not agree with you more and the FAQ is filled up with every common question that gets asked. I guess i was not completely clear about this specific particular issue. In this particular case this issue was taken care of last January so since it was no longer an issue / relevant, the FAQ info was also removed from the Network / Multisite FAQ section.

Topic Closed

This topic has been closed to new replies.

About this Topic