• Resolved John Webber

    (@bilion)


    Hi guys

    Under ”Disable Ability To Edit PHP Files”, there is only one option and checkbox:
    ”Check this if you want to remove the ability for people to edit PHP files via the WP dashboard”

    I am unable to uncheck this option. I can, but it is not permanent.
    When I click save, it looks unchecked.
    Then, when I reload the page, I can see that it is checked again.
    And naturally, plugin editing is not available.

    Thanks in advance

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support vupdraft

    (@vupdraft)

    Hi,

    This sounds like it could be plugin conflict, could you disable all your plugins except All In One and see if the issues persists.
    If it does not, could your reactivate your plugins one by one until the issues reappears and let me know which plugin the issue is with?

    Thread Starter John Webber

    (@bilion)

    Hi vupdraft,

    Thank you for answering.

    I deactivated all plugins except All In One Security.
    I unchecked and saved the Disable Ability To Edit PHP option a few times, but it still remains checked.

    How I can manually undo this setting in the Files Manager in CPanel?

    Plugin Support vupdraft

    (@vupdraft)

    Thread Starter John Webber

    (@bilion)

    Hi,

    I’m actually using CyberPanel. The options are a little different. That tutorial can’t be applied in that way.
    Which file exactly do I need to edit?
    Which line of code should I change and how?

    Plugin Support vupdraft

    (@vupdraft)

    Here is a tutorial on how to access your site via CyberPanel: https://support.hostmight.com/article/how-to-access-cyberpanel-file-manager/

    Once you get tho the public HTML you will need to navigate to the wp-content/plugins/All-in-one-wp-security-and-firewall directory and rename or remove the plugin

    Thread Starter John Webber

    (@bilion)

    Hi. Thank you for answering.

    I can remove the plugin from the WordPress backend.
    Although, disabling it doesn’t allow me to edit the PHP of themes and plugins from WP again.
    The rule definitely needs to be removed manually.
    I need to know where and what code was added, and what to replace it with.

    Plugin Support vupdraft

    (@vupdraft)

    If you unpack the plugin, you should find this file
    wp-security-filesystem-menu.php

    The bit that corresponds to this settings is under function render_tab2()

    Thread Starter John Webber

    (@bilion)

    Hi vupdraft,

    Thank you, but this is the html for how the tab should look in the plugin settings.
    I did disable all of it, just to check, but it didn’t remove the setting.
    I was still unable to edit the PHP from WP backend.

    The code:

    function render_tab2()
        {
            ?>
            <div class="aio_blue_box">
                <?php
                echo '<h2>'.__('What is Malware?', 'all-in-one-wp-security-and-firewall').'</h2>';
                echo '<p>'.__('The word Malware stands for Malicious Software. It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.', 'all-in-one-wp-security-and-firewall').'</p>'.
                '<p>'.__('Often when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site\'s search ranking.', 'all-in-one-wp-security-and-firewall').'</p>'.
                '<p>'.__('This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.', 'all-in-one-wp-security-and-firewall').'</p>';
    
                $site_scanners_link = '<a href="https://www.site-scanners.com" target="_blank">'.__('CLICK HERE', 'all-in-one-wp-security-and-firewall').'</a>';
    
                echo '<h2>'.__('Scanning For Malware', 'all-in-one-wp-security-and-firewall').'</h2>';
                echo '<p>'.__('Due to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably. This is something best done via an external scan of your site regularly.', 'all-in-one-wp-security-and-firewall').'</p>'.
                '<p>'.__('This is why we have created an easy-to-use scanning service which is hosted off our own server which will scan your site for malware once every day and notify you if it finds anything.', 'all-in-one-wp-security-and-firewall').'</p>';
                echo '<p>'.__('When you sign up for this service you will get the following:', 'all-in-one-wp-security-and-firewall').'</p>';
                echo '<ul class="aiowps_admin_ul_grp1">
                    <li>'.__('Automatic Daily Scan of 1 Website','all-in-one-wp-security-and-firewall').'</li>
                    <li>'.__('Automatic Malware & Blacklist Monitoring','all-in-one-wp-security-and-firewall').'</li>
                    <li>'.__('Automatic Email Alerting','all-in-one-wp-security-and-firewall').'</li>
                    <li>'.__('Site uptime monitoring','all-in-one-wp-security-and-firewall').'</li>
                    <li>'.__('Site response time monitoring','all-in-one-wp-security-and-firewall').'</li>
                    <li>'.__('We provide advice for malware cleanup','all-in-one-wp-security-and-firewall').'</li>
                    <li>'.__('Blacklist Removal','all-in-one-wp-security-and-firewall').'</li>
                    <li>'.__('No Contract (Cancel Anytime)','all-in-one-wp-security-and-firewall').'</li>
                </ul>';
                echo '<p>'.sprintf(__('To learn more please %s.', 'all-in-one-wp-security-and-firewall'), $site_scanners_link).'</p>';
                ?>
            </div>
    
            <?php
        }
    Plugin Support vupdraft

    (@vupdraft)

    Apologies you are correct. Can you try
    all-in-one-wp-security-and-firewall/classes/wp-security-utility.php, function disable_file_edits()

    Thread Starter John Webber

    (@bilion)

    Hi vupdraft,
    Thank you for helping me.

    I found the php file and removed all of the code related to ”static function disable_file_edits()”.
    I didn’t edit ”function enable_file_edits()” or anything else.

    Nothing changed. The checkbox for ”Check this if you want to remove the ability for people to edit PHP files via the WP dashboard” remains checked when I uncheck, save and reload the page. The problem was still there.

    Since above the code it says:
    * Modifies the wp-config.php file to disable PHP file editing from the admin panel
    * This function will add the following code:
    * define(‘DISALLOW_FILE_EDIT’, false);

    I went to the wp-config.php file and found:

    // BEGIN iThemes Security – Do not modify or remove this line
    // iThemes Security Config Details: 2
    define( ‘DISALLOW_FILE_EDIT’, true ); // Disable File Editor – Security > Settings >
    WordPress Tweaks > File Editor
    // END iThemes Security – Do not modify or remove this line

    And also this at the bottom of the file:

    //Disable File Edits
    define(‘DISALLOW_FILE_EDIT’, false);

    After removing both, I can now disable or enable PHP editing from the All In One Security plugin.
    The only odd thing now, is that it works backwards. When the checkbox is selected, I can edit the PHP. When it is unselected, I can’t edit the PHP.

    So, the problem was the damn iThemes Security plugin!
    And I am having this issue with other plugins. They don’t remove their code after being disabled and deleted!
    Same thing with WPS Hide Login and Flying Scripts and probably many other plugins that I haven’t yet noticed.

    Again, thank you for helping me.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Can’t access PHP editing of themes or plugins’ is closed to new replies.