Again, after major Wordfence update images and thumbnails are off

  • Arthur Končar

    (@arthurkoncar)


    7 years, 1 month ago

    Hi,

    I know this topci discussed here many times, but I found no solution for this issue (which in fact isn’t a bug): after a major update of WF on WP v4.7.2 (and below) WF copies an .htacces to /wp-content/uploads:

    # BEGIN Wordfence code execution protection
<IfModule mod_php5.c>
php_flag engine 0
</IfModule>

AddHandler cgi-script .php .phtml .php3 .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
# END Wordfence code execution protection

    With this .htaccess enabled, neither images in the frontend nor thumbs in the media library will be displayed. Renaming or deleting this file solves this issue, but opens up a security hole, so this ain’t no solution. This behavior is reproducable on all my WP installations, all running at the same hoster.

    Is anyone out there who can please help me on with the correct code in this file?

    THX in advance,

    Arthur

Viewing 3 replies - 1 through 3 (of 3 total)
  • wfalaa

    (@wfalaa)

    7 years, 1 month ago

    Hi Arthur,
    This code you shared is correct, the plugin creates “.htaccess” file with this code in “/wp-content/uploads/” directory if you have “Disable Code Execution for Uploads directory” option enabled.

    When you try to access any of your images directly in the browser, do you get any errors (“server error 500” or “error 404 not found”)? because your server might be preventing some directives from being executed in “.htaccess” file, we have seen some web hosts disable php_flag which may be the reason for this issue.

    Thanks.

    Thread Starter Arthur Končar

    (@arthurkoncar)

    7 years, 1 month ago

    Hi,

    thank you for your supply. You are right, there are restrictions, but they only prevent accessing directories directly; displaying images is still allowed, no error messages at all. Concerning the php_flag there is no ‘on’ or ‘off’ because there is no php_flag set at all.

    But you are right, this could be a hoster’s setting because there are dozens of other Wordfence installations at the same company infrastructure, and they all show the same behaviour.

    So, with that in mind, how can we go on?

    Thank you!

    wfalaa

    (@wfalaa)

    7 years, 1 month ago

    I suggest getting in contact with your hosting provider and share with them the “.htaccess” file contents to see if they are blocking something that could be responsible for that or not.

    Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Again, after major Wordfence update images and thumbnails are off’ is closed to new replies.