• Resolved taniav

    (@taniav)


    Hi,

    I noticed that if I harden wp-includes, the editor on the Posts and Pages edit pages is disabled. The text area just shows white blank space, and I can’t switch between the ‘Visual’ and ‘Text’ tabs. That problem goes away if I revert the hardening.

    I inspected the page through the web inspector’s console while the issue was occurring. The errors are below:

    Failed to load resource: the server responded with a status of 403 (Forbidden) https://my-site.com/wp-includes/js/tinymce/wp-tinymce.php?c=1&ver=4203-20150730

    Uncaught ReferenceError: tinymce is not defined post-new.php:2379 (on create new post page)

    Uncaught ReferenceError: tinymce is not defined post.php:2400 (on edit post page).

    I checked the .htaccess in /wp-includes/, which is as below:

    <FilesMatch "\.(?i:php)$">
      <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
      </IfModule>
      <IfModule mod_authz_core.c>
        Require all denied
      </IfModule>
    </FilesMatch>
    <Files wp-tinymce.php>
      Allow from all
    </Files>
    <Files ms-files.php>
      Allow from all
    </Files>

    I see that wp-tinymce.php is already set to allow from all, but it still returns 403 Forbidden, causing the editors not to work.

    Any solutions for that?

    https://www.ads-software.com/plugins/sucuri-scanner/

Viewing 4 replies - 16 through 19 (of 19 total)
  • Justin’s solution worked for me, thanks Justin!

    Here’s my full file:

    <FilesMatch "\.(?i:php)$">
      <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
      </IfModule>
      <IfModule mod_authz_core.c>
        Require all denied
      </IfModule>
    </FilesMatch>
    <Files wp-tinymce.php>
      <IfModule !mod_authz_core.c>
        Allow from all
      </IfModule>
      <IfModule mod_authz_core.c>
        Require all granted
      </IfModule>
    </Files>
    <Files ms-files.php>
      <IfModule !mod_authz_core.c>
        Allow from all
      </IfModule>
      <IfModule mod_authz_core.c>
        Require all granted
      </IfModule>
    </Files>

    Kasia

    (@kasia_codeword)

    Just wanted to add that I ran into this issue as well and this thread was extremely helpful. I just recently switched hosting providers, and so I am assuming that the new host does not have the mod_authz_core.c and the previous one did. I am disabling hardening and removing the associated .htaccess files until Sucuri can address this more permanently.

    Thanks for the fix, everyone. I used Gary’s full .htaccess file version, and it’s working great for me now!

    I’d love to see this patched into the official version.

    Task finished with pull-request #2 [1] and more specifically with commit 3b53624 [2]. Once the changes are merged into the master branch and pushed to the WordPress repositories, you will see the new rules in the access control file to whitelist PHP files using the authz_core module. This applies to the standard hardening for the three main WordPress core directories and the panel that allows you to whitelist individual (and arbitrary) PHP files. Thanks for your patience.

    PS. @garyj thanks for your help.

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/2
    [2] https://github.com/cixtor/sucuri-wordpress-plugin/commit/3b53624

  • The topic ‘Editor (TinyMCE) disabled after hardening wp-includes’ is closed to new replies.
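
An added example, not part of the thread or of the Sucuri plugin's code: a small Python check that reads a hardening .htaccess and lists `<Files>` whitelist entries that carry `Allow from all` but no `Require all granted` while the deny rule uses `Require all denied`, which is the combination in the original post's file. The function names are hypothetical, and `IfModule` tests for modules other than mod_authz_core are assumed to pass.

```python
import re

# <Files name> / <FilesMatch "regex"> sections; IfModule blocks may sit inside them.
SECTION = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+)"?\s*>(.*?)</\1>', re.S | re.I)
IFMODULE = re.compile(r'<IfModule\s+(!?)(\S+?)>', re.I)

def active(body, authz_core):
    """Lower-cased directives in effect when mod_authz_core is / is not loaded."""
    stack, out = [], []
    for line in (l.strip() for l in body.splitlines()):
        m = IFMODULE.match(line)
        if m and 'authz_core' in m.group(2).lower():
            stack.append(authz_core != bool(m.group(1)))  # "!" negates the test
        elif m:
            stack.append(True)  # assumption: any other module counts as loaded
        elif line.lower().startswith('</ifmodule'):
            stack.pop()
        elif line and all(stack):
            out.append(' '.join(line.lower().split()))
    return out

def blocked_whitelist_entries(htaccess):
    """<Files> whitelist entries with no 'Require all granted' although the
    deny rule uses 'Require all denied' when mod_authz_core is loaded."""
    sections = [(k.lower(), arg, active(b, True), active(b, False))
                for k, arg, b in SECTION.findall(htaccess)]
    if not any('require all denied' in new for _, _, new, _ in sections):
        return []
    return [arg for kind, arg, new, old in sections
            if kind == 'files'
            and 'allow from all' in new + old
            and 'require all granted' not in new]

# Deny rule shared by both files shown in the thread.
DENY = '''<FilesMatch "\\.(?i:php)$">
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
</FilesMatch>
'''
# Whitelist entry as in the original post, then as in the reply's working file.
ORIGINAL = DENY + '<Files wp-tinymce.php>\n  Allow from all\n</Files>\n'
FIXED = DENY + ('<Files wp-tinymce.php>\n  <IfModule !mod_authz_core.c>\n    Allow from all\n'
                '  </IfModule>\n  <IfModule mod_authz_core.c>\n    Require all granted\n'
                '  </IfModule>\n</Files>\n')
```

Calling `blocked_whitelist_entries()` on the text of each hardened directory's .htaccess returns the whitelisted file names that still lack a `Require all granted` rule; an empty list means every entry has one.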