Glad to help. Inspecting the page code, there are several USP scripts that are not available (403 Forbidden) on the server.
Hi Thanks for your reply. So the problem is with the server? Should I contact the hosting company? Thanks again!
I don’t know why the files are 403 Forbidden. Normally they are accessible and there are no such issues. So yes, ask your web host for help would be a good next move.
-
This reply was modified 2 years, 7 months ago by
Jeff Starr.
My hosting company asked” In order to check on the file permissions of those files, can you tell me what file/scripts have WP support advised of ?” Thank you!
If you right click on your web page and select “Inspect”, you can find the errors/files under the “Console” tab. You’ll know it because the error messages are displayed in red color font.
Hi Good afternoon!
I got a reply from the hosting company. Please check below and let me know. Thank you very much!
“I was able to recreate the issue on my end.
After that, I found out that the following usp.css file was returning 403 because of a security rule on the server:
https://matotanks.com/wp-content/plugins/user-submitted-posts/resources/usp.css
The mentioned rule is added because the “user-submitted-posts” plugin is vulnerable, and malicious codes can be easily injected.
In my investigation, I deactivated the rule mentioned above, and the following URL is accessible:
https://matotanks.com/wp-content/plugins/user-submitted-posts/resources/usp.css
In this case, the issue still exists, and the above rule did not cause it.
Unfortunately, I could not find other related errors in the server logs.
I left the rule mentioned above deactivated and recommend contacting the plugin support again and discussing the issue with them. “
Weird. What do they mean by this:
“The mentioned rule is added because the “user-submitted-posts” plugin is vulnerable, and malicious codes can be easily injected.”
I know of no outstanding security issues with any of my plugins. User Submitted Posts has over 20K active installs and is working great. The issue with the 403/Forbidden files is specific to your setup. I.e., the server. There is something misconfigured or otherwise not working correctly, which hopefully your web host can help with.
Also: Will you ask your web host specifically how the plugin is vulnerable, so I can fix it asap. As per WordPress safe reporting policy, please do not post publicly any reply concerning a plugin’s security. Instead let us know via our contact form. Responsible disclosure enables developers to patch things up before anything can be exploited.
HI
I contacted siteground, the hosting company. They said the following. Please let me know if anything else I can do to get the problem fixed? Please see below:
“Currently, the server security rules that were affecting the mentioned plugin are deactivated, and the https://matotanks.com/wp-content/plugins/user-submitted-posts/resources/usp.css file is loading without error 403.
Also, I could not find other blocked requests from the server.
Regarding the provided information from the plugin support, there are still blocked requests:
The issue with the 403/Forbidden files is specific to your setup. I.e., the server. There is something misconfigured or otherwise not working correctly, which hopefully your web host can help with.
Please contact the support to provide the list of all plugin resources blocked by the server, and we will check them. “
Checking your page again, the required USP plugin file is not included:
jquery.usp.core.js
This file is required in order for the form to work correctly (e.g., the “Add another image” link). You can check the plugin option “Include JavaScript” and make sure it is enabled.
Hi Jeff
The problem is fixed now. Thank you very much for your support!
You’re welcome, @hickory. Best to you and your project.
Hi Jeff, Thank you so much. Please let me know how can I delete this topic?
You’re welcome, @hickory.
I’m not sure how to delete a topic, or if possible. You would need to reach out the WP team, maybe post in the general forum or on Slack.
