georgburesch

It was recommended by my service provider and in the official word press documentation the same is written:

see Securing wp-admin

Hardening WordPress

However, they mention, this “might also break some WordPress functionality, such as the AJAX handler”. Unfortunately, the link to “how to set it up properly” doesnt work…

Thank you for your reply Bob!

I understand the problem, but lack the technical skills to solve it.

I tried to copy the admin-ajax.php file to the root-folder as well as to wp-content/plugins/chained-quiz folder. Both didn’t help. I also saw that within the chained-quiz-php file everywhere it refers to AJAX it is defined “wp-admin”.

How can I solve this? Should I move the admin-ajax.php file somewhere else or edit the chained-quiz-php file? If the latter, which lines?

Thanks and BR, Georg

Hi Adam!

Thanks a lot for your explanation and your proposition how to fix it! Unfortunately, I still couldn't fix the issue...

I went to the "/wp-content/uploads/forminator/" folder, opened the ".htaccess" file, deleted " Options -ExecCGI" and refreshed.

Then - in the same folder - I created a file "formiantor-css-server-error-patch.php and added your code

add_filter( 'forminator_upload_root_htaccess_rules', 'wpmudev_remove_htaccess_rules', 10, 1 );

function wpmudev_remove_htaccess_rules( $rules ) {

            if ( ! empty( $rules ) ) {

                        $rules = str_replace('Options -ExecCGI', '', $rules);

            }

            return $rules;

}

Then I moved it to "wp-content/plugins". I have 2 questions here:

- First its named plugins instead of mu-plugins, is that OK?

- Should I move it to the general plugin folder or the subfolder for forminator? I tried both options individually without success...

Regarding your alternative solution :

- With " check other plugins on site (and setting of the server)" you mean the settings of my hosting provider, the wordpress settings and the settings of all plugins. Correct?

- In case you actually meant again via FTP client app, let me know. I had a look there on further plugins and htaccess files, but I don't understand the language.

- Within the settings of my hosting provider I do have "Verzeichnisschutz" (folder protection) for wp-admin, stats and staging, however not for "/wp-content/uploads"

- Before I contacted you, I discussed the issue with my hosting provider, they renewed the folder protection and concluded, the problem must arise from one of the plugins...

- Finally, I just updated Forminator, also without any consequence...

Any further ideas?

Thanks again and best regards, Georg

Dear Louis! Thanks for your swift reply!

When I deactivate Forminator, my website does not ask users for login. When I delete the short codes of both of my forms via elementor, my website does not ask users for login. When I leave at least one of the two short codes (I tested both), my website asks users for login.

So I am pretty sure it is Forminator that asks users for login, but I dont know how to change that in the settings of Forminator or my general WP-admin area. Any further ideas? Otherwise, I could only replace Forminator with a different form plugin…

Thanks again and BR, Georg