Support » Fixing WordPress » plugin activation/deactivation leads to 404

  • Resolved arsm

    (@arsenalemusica)


    Suddenly having a problem on activating/deactivating plugins that are existing in my site, or if adding new ones: the site goes into a 404 page with URl /wp-admin/plugins.php?deactivate=true&plugin_status=all&paged=1&s=.
    I must hit back in the browser and reload the page to see the real status. I have no idea how to fix it. Any help?

    I have also noticed (from the Site health check) that a request to REST API has failed due to cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received (http_request_failed)

    Are the above issues related?

Viewing 4 replies - 1 through 4 (of 4 total)
  • corrinarusso

    (@corrinarusso)

    If you are getting cURL errors, suggest speaking to your host to increase your memory limits, or see here :
    https://www.samuelaguilera.com/post/curl-error-28-wordpress
    https://docs.presscustomizr.com/article/326-how-to-fix-a-curl-error-28-connection-timed-out-in-wordpress

    Thread Starter arsm

    (@arsenalemusica)

    hi there, in this hour the problem with cURL seems gone. You suggested it might have been a memory issue, and by running site health again I’m not getting that error anymore. So I guess it was temporary.

    Still, have you (or anyone else) got an idea about that nasty first issue with redirect? There’s a similar article but the solution is not clear about any coding.

    Thread Starter arsm

    (@arsenalemusica)

    Crazy, I found the culprit by myself… well, by reading around that it might be something in .htaccess. And that goes right back at the time, a couple of days ago, when I added the following code against SQL injections:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
    RewriteRule ^(.*)$ - [F,L]
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} tag\= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
    RewriteCond %{QUERY_STRING} http\:  [NC,OR]
    RewriteCond %{QUERY_STRING} https\:  [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
    RewriteCond %{HTTP_COOKIE} !^.*WordPress_logged_in_.*$
    RewriteRule ^(.*)$ - [F,L]
    </IfModule>

    I found the code on some blog, and copied it without really understanding it because I’m not a developer. I thought it was doing good to my site but I guess it didn’t. 🙂 (I think it was also responsible for suddenly slowing down every action on the backend)
    Topic resolved, but if anyone has a better suggestion on coding against SQL injections, I’d appreciate a lot.

    corrinarusso

    (@corrinarusso)

    Lol, glad you got it resolved.

    WordPress does a very good job of sanitizing input and protecting core from injections, etc.
    However, the larger issues generally come from plugins and themes. Make sure you only install themes and plugins that have a strong reputation, and don’t leave plugins hanging around on your site when they are no longer needed. Lastly, would recommend installing a scanner – personally I use MalCare Pro. But there are others, and some hosts like Siteground offer daily scanning for like 2 dollars a month or something.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.