According to my webhost, it’s Apache 1.3.41-1.
Applying the following fix should resolve the issue for Apache 1.3.x:
-
Create a backup copy of the better-wp-security/core/modules/tweaks/class-itsec-tweaks.php file.
-
Edit the better-wp-security/core/modules/tweaks/class-itsec-tweaks.php file.
-
Search for ‘public function filter_apache_server_config_modification’
-
Scroll down (2x Page down) and replace the following line:
$rewrites .= "\t\tRewriteRule ^$dir/.*\.(?:php[1-6]?|pht|phtml?)$ - [NC,F]\n";
with:
$rewrites .= "\t\tRewriteRule ^$dir/.*\.((php[1-6]?)|(pht)|(phtm[l]?))$ - [NC,F]\n";
-
Save the change.
-
Test, test, test …
-
Report back and confirm whether the fix works or not.
I’m not using Apache 1.3.x so this fix is untested until further notice … Did test the new regular expression though. It should work.
dwinden
Thanks, I’ll give it a try soon.
One question: if and when iThemes updates to their next version, wouldn’t this fix be overwritten?
@liquidcross
Indeed the fix will be overwritten when updating to a newer iTSec plugin release.
dwinden
Gotcha. And I assume there’s no permanent fix unless my webhost updates their Apache installation?
@liquidcross
Switching to a newer Apache release (preferably 2.4.x) is the recommended permanent solution. For more reasons by the way than just to fix this iTSec plugin issue …
But once you get the fix tested and confirmed on Apache 1.3.x you can also log a bug with iThemes here.
Since we have figured this thing out it should be easy for iThemes to incorporate the fix in the next release.
This way you could stay on Apache 1.3.x … but again this is not recommended.
Apache 1.3.x reached end of life (EOF) status in Feb 2010 …
dwinden
Yeah, I’m going to talk to my webhost about upgrading, but I think it’s unlikely. π
I just tried editing class-itsec-tweaks.php…and there’s no $rewrites line anywhere in the file.
Oops, my bad. Wrong file …
It’s the other file, class-itsec-tweaks-admin.php
My apologies for the inconvenience.
dwinden
Success! I implemented your fix, and now “Disable PHP in Uploads” works correctly. Thanks so much! I’ve reported the bug to iThemes, along with the Hackrepair problem.
Excellent. Thank you for confirming the “Disable PHP in Uploads” fix works in Apache 1.3.x.
I guess it’s time to mark this topic as ‘resolved’.
dwinden
Yes indeed. Thank you again for all of your help. Hopefully iThemes will create a permanent fix in the next version.
Just updated the plugin to version 5.4.2, and the site is broken again. 500 Int Server Error, and the file I used to edit (class-itsec-tweaks-admin.php) no longer exists. Please help!
FWIW, I tried replacing the code as shown above in the new file class-itsec-wordpress-tweaks.php, but it had no effect.
@liquidcross
Correct that won’t work. You need to replace it in the wp-content/plugins/better-wp-security/core/modules/system-tweaks/config-generators.php file.
The tweaks have been split into multiple folders and the filenames have changed as well.
But the bug is still there … π
dwinden
