Try adding define('CONCATENATE_SCRIPTS', false); to your wp-config.php file just below the define('DB_HOST' line.
To do so, access your server via FTP or SFTP and edit the file with a plain text editor.
https://codex.wordpress.org/Editing_wp-config.php#Disable_Javascript_Concatenation
Hi James,
Here is the result from our kind 1&1 host contact:
So it did not work for me. While it took away the forbidden error, the next error is “Tinymce” is not defined.
Any further thoughts?
That’s the result after setting concatenate_scripts to false?
If so, try downloading WordPress again and delete then replace your copies of everything except the wp-config.php file and the /wp-content/ directory with fresh copies from the download. This will effectively replace all of your core files without damaging your content and settings. Some uploaders tend to be unreliable when overwriting files, so don’t forget to delete the original files before replacing them.
I’ve been helping out Innovation2 with this issue, and reproduce the issue on multiple servers. We’ve gone over replacing all but the wp-content and wp-config.php.
Disabling the Concatenate_scripts gets the Tinymce is not defined, using Script_Debug fixes everything but of course has debug.
Environments have been:
CentOS 6 and 7,
PHP running as FPM 5.4 or 5.5
Each server worked prior to the 4.4, but 4.4 causes the issue. We’ve disabled all Plugins/Themes, rebooted the servers / services, etc. Also disabled .htaccess.
Innovation, I’ll explain more offline, but found this going through Plesk forums:
http://talk.plesk.com/threads/pppm-3732-wordpress-toolkit-problem-after-check-for-updates.336168/
Appears that there’s configuration issues with Plesk software and their security features that’s colliding with WP4.4.
While that may explain why tinymce.php doesn’t work (a fluke in their security/permissions with the wp-includes directory) it doesn’t explain why Concatenate_Scripts doesn’t work.
I’m going to check with my Plesk Admins to find out more information as it applies
Confirmed.
Issue appears related to their “Secure wp-includes” and the fact that the updates were applied directly via WordPress rather than via the Plesk software. Plesk’s wordpress toolkit auto-magically disables the secure feature, updates wordpress, and resecures it (atleast from what I can gather). The fix is to simply go into the Toolkit, Select All, click “Check Security”, and Roll Back “Secure wp-includes”. Once it’s rolled back, resecure it again.
http://talk.plesk.com/threads/how-to-exception-wp-tinymce-php-with-wordpress-toolkit.332872/#post-779781
Ah, that makes sense. I had a similar report earlier.
What happens if you upgrade one of the sites manually?
https://codex.wordpress.org/Upgrading_WordPress_Extended
The issue appears more so in the way that Plesk is integrated into Apache and handles the “Security” feature. When a customer uses Plesk’s “Secure wp-content” or “Secure wp-includes”, Plesk is not locking it down via .htaccess, but instead is locking it down at a much higher level. I’d presume it’s somewhere in their httpd.conf, but that could be very off base.
So we could have manually upgraded all day, and came out with the same results since it’s still locked into the same working directory “/var/www/domain.tld/httpdocs”. In testing, I confirmed that a fresh install of WordPress that is placed in a new fresh directory and never touched Plesks Security feature, worked flawlessly in base configuration (2012Theme, no plugins). However placing that in a directory previously secured by Plesk, then it’ll follow those same rules previously added, and the wp-content and includes would be borked.
The main gist of Securing these folders is to stop HTTP access to .php files and preventing them from being executed. In terms of TinyMCE this affects the concatenation of tinymce.php, but it also affects some ajax applications that call .php. Typically it all just works, but for whatever reason, 4.4 had a rough rollout with Plesk and they appear to be gearing up for an update tomorrow the 14th that’s suppose to address their Toolkit.
Thanks! Would you mind informing Plesk of that as a customer? Between this and their defective 4.4 update package, they need to make some changes, which is hopefully what will happen on the 14th apparently.
Tim, you’re a genius, thanks. I’ve been struggling with this for ages and could never get to the root of it. Many thanks!
