dwinden
Forum Replies Created
-
As per the forum guidelines please create a new topic for your issue.
Your post has absolutely NOTHING to do with this topic.dwinden
Correction. There is another iTSec plugin setting that seems to have an unexpected side effect.
If you also have the Disable PHP in Uploads setting enabled try and disable it.
After disabling both (System Tweaks section) settings I was able to access and browse the folder. No more 403.
dwinden
You can find a specific fix for the Disable PHP in Uploads issue in this topic.
The general idea behind the fix above also applies for the HackRepair.com Blacklist. Only difference is that it needs to be fixed in a different file:
wp-content/plugins/better-wp-security/core/modules/ban-users/lists/hackrepair-apache.inc
dwinden
It looks like your WordPress site is not using Nginx but Apache web server.
Follow these instructions to find out which web server your WordPress site is using:
– log into WP Dashboard.
– navigate to the Security->Dashboard menu option.
– Scroll down to the System Information metabox.
– Look for Server Type: in the Server Information section.It will probably not show the version, just Apache. You may need to contact your hosting provider to get the web server version.
Anyway I’m pretty sure its Apache 1.3.x. I’ve seen this issue before…
This is an Apache 1.3.x specific issue.dwinden
I don’t think you need to turn on any php modules.
Are there any errors in the error_log file ?dwinden
You mean deactivate the iTSec plugin (=turn off ITS).
Direct file access works fine in my test env.
When I try to access the folder I get:Forbidden
You don’t have permission to access /wp-content/uploads/2016/03/ on this server
Which is a 403 status code and not a 404 (page not found).
Seems like we are missing a piece of the puzzle.Anyway there is only one iTSec plugin setting that may be related.
If enabled try and disable the Directory Browsing setting in the System Tweaks section of the iTsec plugin Settings page.dwinden
Have you tried accessing the file directly instead of the folder ?
For example. Let’s say you saved an image named test.jpg in the wp-content/uploads/2016/03 folder.
Try and access the file directly like this:
http://www.domain.com/wp-content/uploads/2016/03/test.jpg
Let me know if you specifically need access to the folder to browse its content.
dwinden
According to the FAQ section in the readme.txt:
= Where can I get help if something goes wrong? =
* Official support for this plugin is available for iThemes Security Pro customers. Our team of experts is ready to help.Free support may be available with the help of the community in the WordPress.org support forums (Note: this is community-provided support. iThemes does not monitor the WordPress.org support forums).
dwinden
@rush Hour Marketing Technology
Did running the SQL command from phpMyAdmin as suggested in an earlier post result in any itsec_% settings ?
If so, indeed reinstall, activate, deactivate and then delete plugin should do the trick. Hopefully deactivation works this time.
If not then all the settings seem to be removed from the database and all is fine.
dwinden
My previous post was not intended as a possible permanent fix.
It was just an idea to determin which HackRepair.com Blacklist line is causing your issue.Note the suggested line to comment would normally block any request with an empty User Agent string.
This particular line is known to cause a lot of issues …dwinden
What web server and what version of that web server are you using ?
This issue could be due to using an old Apache 1.3.x release.
Check the Apache error_log for an error that looks like this:RewriteRule: cannot compile regular expression ‘^wp-content/uploads/.*\\.(?:php[1-6]?|pht|phtml?)$’\n
dwinden
@rush Hour Marketing Technology
If you require no further assistance please mark this topic as “resolved”.
dwinden
