Theme and Plugin Editors won’t save PHP files

  • Context: WordPress 6.1.1, child theme of Hueman Pro, all plugins are current. In addition to a small bit of code in my child theme’s functions.php, I have a self-built single-file plugin to house code that is not theme-related. I have not edited my theme code or that little plugin since 2021.

    Today I tried to edit both of them using WordPress’s Theme File Editor and Plugin File Editor. (I do have FTP, but I thought this would be simpler.) But when I click “Update File” for either functions.php or the plugin (even if I do it with no actual changes), I get this:

    “Something went wrong. Your change may not have been saved. Please try again. There is also a chance that you may need to manually fix and upload the file over https://FTP.”

    However, I can update style.css successfully, so apparently the problem is only with PHP files.

    In FTP I checked permissions – all the files (including style.css and the PHP files) are 644 and have the same owner, so apparently there is something in WordPress itself that is allowing editing of CSS files but not PHP files. I don’t remember whether I used FTP or WordPress’s theme/plugin editors to work on those files in the past, but I know I have used those editors on at least some of the sites I manage, and I don’t remember ever seeing this error before. Searching the web, it seems that most of the complaints about it are more than two years old or caused by something very specific that doesn’t apply to this site. I tested switching to the TwentyTwentyThree theme, in case Hueman Pro had added some sort of restriction, but the behavior was the same. I looked through WordPress settings to see if there was some new safety valve that I needed to disable, but I didn’t see anything like that. Thoughts?

Viewing 6 replies - 16 through 21 (of 21 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    But if I add <?php, even if those are the only five characters in the file, it fails.

    I’m getting a 406 error

    That’s a sign of a failure through mod_security. In my experience anyway.

    406 Is an unusual status code. One of the causes of it is mod_security, which is an Apache module that allows various rule sets to cause blocks at the webserver level.

    So, in essence, it sounds like your host is intentionally blocking data with PHP code in it. When you try to post PHP code through the Web Server, the request is straight blocked, and that’s the result.

    So, short version, you have to talk to your host. They may have some way for you to disable that mod_security check. Or switch hosting accounts to a better host. Or live with it. It’s very much your choice.

    I’m not sure if this will help anyone but I had a similar situation where I was able to edit the style.css but not the php files. The site I was working on is hosted on GoDaddy and they have some firewalls that prevented this. I had to basically whitelist my ip address to be able to make the changes with the theme editor for my client. Hope this helps someone cause I definitely couldn’t find the solution without having to go through multiple calls with godaddy.

    Thread Starter OsakaWebbie

    (@osakawebbie)

    @shuangmiles How did you add your IP to a whitelist? Is that something that can be done in cPanel? If I can solve this without asking the hoster for special treatment, that’s simplest. The account owner is not a techie, so it will be hard to communicate with the hoster through him for a topic like this.

    It was an option in godaddy’s security settings, it wasn’t through cpanel. Here are instructions that they gave me but maybe you can try to see if you can get your account owners ip and see if your host has a similar firewall ?

    https://www.godaddy.com/help/allow-or-block-website-access-27422

    Thread Starter OsakaWebbie

    (@osakawebbie)

    Thanks. There is nothing in the admin interface outside of cPanel related to security or firewalls, and although I could block IP addresses in cPanel’s IP Blocker, it has no option to do the opposite, giving an IP more access than the default. (BTW, it’s my IP address that would need whitelisting, not the owner’s, as I’m the one who edits PHP files.)

    @otto42 While I was burrowing around in cPanel, I spotted ModSecurity – is that what you were talking about? I temporarily disabled it for the domain I’m working with, but the Theme Editor still wouldn’t save PHP files.

    @shuangmiles I had the same problem, used the link you listed, followed the directions and was able to update the PHP file. Thank you!

Viewing 6 replies - 16 through 21 (of 21 total)
  • The topic ‘Theme and Plugin Editors won’t save PHP files’ is closed to new replies.