@tapulator,
Thanks for using Fix Alt Text. I remember this issue from a while back (didn’t realize it was 3 years ago!).
We never received confirmation about whether our solution actually fixed that person’s issue or not so we just closed the ticket.
Id be happy to troubleshoot this issue again. I will need to replicate it on my end and go from there. Please provide the following details:
- WordPress Version
- PHP Version
- Nginx, Apache, Or other web server (and version)?
- Who are you using for hosting? (Make sure we are compatible)
- Are other cron jobs running? Install Cron Control to see if all your wp cron jobs are stacking up and past due.
Thank you.
-Steven
Hey @stevenayers63,
thanks for your help!
Here’s your desired information:
- WordPress version: 6.8.2
- PHP version: 7.4.33
- Web server: Apache 2.4.65
- Hosting: Strato WordPress Hosting (It’s shared hosting. I would say Strato is Germany’s biggest hosting provider.)
Make sure we are compatible
How do I do that?
Are other cron jobs running? Install Cron Control to see if all your wp cron jobs are stacking up and past due.
I see several cron jobs, none past due. fixalttext_scan_cron runs every minute.
I compared the debug and access logs of a working instance (without basic auth) and the broken instance (with basic auth).
My conclusions:
I have to correct my assertion.
Neither the notifications nor the PHP log report any error. But these 2 consecutive messages in the plugin’s debug log caught my attention:
[…] – ajax – info – Fix Alt Text: Dispatching background scan process
[…] – ajax – info – Fix Alt Text: Not doing cron.
That doesn’t seem right. To my understanding, after dispatching the scan, there should be a cron job running.
These messages also occur in the working instance’s debug log, so there’s no problem.
My 2nd finding on the other hand seems to pinpoint the culprit, the unauthorized request:
Furthermore in the access log I see unauthorized requests to /wp-admin/admin-ajax.php?action=fixalttext_scan&nonce=some_nonce although the user is considerd logged in when the action hooks like wp_ajax_fixalttext_scan_start are fired.
This request triggers the crucial maybe_handle callback.
I don’t know if the login state really matters though.
The strange thing is: Disabling basic auth for the critical request doesn’t help. The server still responds with a 401 code. (I tested the “selective” basic auth outside WordPress. It works there, but not when applied on the WordPress directory. Doesn’t make much sense to me right now.)
My comment about “make sure the hosting is compatible” was the reason I asked who your hosting was. So that I (not you) could make sure it was compatible as some have read-only directories which cause issues at the moment. Sorry for the confusion.
Thanks for the additional details. I am about to get on a plane and troubleshoot this during my flight and see what I can come up with by the time I land in a few hours.
-Steven
I tested the “selective” basic auth outside WordPress. It works there, but not when applied on the WordPress directory.
And another failed assertion! 😄
My regex was wrong, so the request would still require basic auth.
With the fixed regex the scan is running. Will take some time though, because the website contains many images.
Looks good so far. 👌
My comment about “make sure the hosting is compatible” was the reason I asked who your hosting was. So that I (not you) could make sure it was compatible as some have read-only directories which cause issues at the moment.
Ah, okay! I have full control over the file permissions. That won’t be a problem.
Overall I’m not sure if your plugin should address the issues WordPress has with basic auth, as you already mentioned in the other thread.
I get the feeling that WordPress wants its users to rely on the build-in password protection. (It’s another topic, but can I hide a WordPress instance this way completely?)
PS: Have a nice flight! 🙂
I consider my problem solved.
One just has to make sure that Fix Alt Text’s requests against /wp-admin/admin-ajax.php and /wp-cron.phpare processed correctly by one’s server.
My solution was to punch 2 holes in the basic auth for the requests mentioned above. RequireAny and Require expr are your friend if you use Apache. No additional plugin needed.
There may be better, safer ways but I’m okay with the current solution.
@tapulator,
I saw your reply last night right before we took off. I’m glad you figured out what the issue was. Could you possibly post that Apache config example here same problem can benefit from your solution?
If you need anything else, please let me know.
-Steven
Ha, I’m reading my previous comment and I meant “post that Apache config example here so people with the same problem can benefit from your solution”.
-Steven
Sure!
Here’s the authorization part of my server config:
AuthType Basic
AuthName "Some text"
AuthUserFile /path/to/.htpasswd
<RequireAny>
<RequireAll>
Require expr %{REQUEST_URI} =~ m#^/wp-admin/admin-ajax.php$#
Require expr %{QUERY_STRING} =~ m#^action=fixalttext_scan&nonce=[a-z0-9]{10}$#
</RequireAll>
<RequireAll>
Require expr %{REQUEST_URI} =~ m#^/wp-cron.php$#
Require expr %{QUERY_STRING} =~ m#^doing_wp_cron=[0-9]+.[0-9]{22}$#
</RequireAll>
Require user some_user
</RequireAny>
Needs to be tuned to one’s setup, obviously. (:
Thank you for sharing that. Closing this ticket.
-Steven
