siritinga
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: wp-admin files has no permissionsDear Jackie, sorry for the delay in my answer.
I’m glad to tell you that you found the problem! It was Cloudflare, somehow it broke WordPress admin pages as you said!
I didn’t disable it (I’m not sure how I can) but I added the IP of the server to the hosts file to access it directly instead of via Cloudflare and it worked perfectly fine, also for my friend, so now he can access and manage it. He is the only one who access to server so probably he will leave it as it is now.
A thousand thanks from both of us 😀
Forum: Fixing WordPress
In reply to: wp-admin files has no permissionsDear Jackie, thank you for your help.
Yes, the wp-login page is in Spanish and it is the login page. I can login but then it says I don’t have permissions for the wp-admin/pages, with any user (not only the administrator).
I’ve also tried your htaccess with no luck. The site seems to work fine but the wp-admin pages cannot be accessed.
I don’t know much about this but it looks more and more like a database problem, as I’ve overwritten the installation with a fresh WordPress package (except the wp-config), I’ve removed the plugins and the .htaccess.
I followed the instructions here https://role-editor.com/restore-lost-wordpress-admin-permissions/ to check administrator role and it is a:1:{s:13:”administrator”;b:1;} which seems to be correct. I haven’t checked the next section, “Restore default user roles”, as I don’t have a backup. I cannot think how it would be possible that the database has been altered but who knows…
I’ve also checked that other wordpress in the same machine have different table prefixes (they do), and they work fine (so it’s not some global problem like PHP or http server configuration).
Any other ideas I can try? 🙂
Thanks a lot!
Forum: Fixing WordPress
In reply to: wp-admin files has no permissionsDear Jackie, thank you for your help and patience. Certainly it’s getting complicated, I’ll tell my friend about the jobs page.
I’ve commented out the WP_HOME and WP_SITEURL variables (no change).
The site URL is https://cluedoenvivo.es , the internal links work fine, the problem is just the admin page.
I’ve also tried to rename the theme-def directory (that’s the one being used) and as you said, the home page stopped working but I could not login in any case.
I’m also including the .htaccess. It contains hundreds of banned IPs that I’ve removed from here (just the first one for you to see the format, I’ve removed the rest). I’ve checked that my own IP is not included there.
I tried to turn off the RewriteEngine tags and I broke the site without being able to log in.
Thank you!
# BEGIN iThemes Security - No modifiques ni borres esta lÃnea # iThemes Security Config Details: 2 # Baneo de IP rápido. Se actualizará en el siguiente guardado de reglas normal. SetEnvIF REMOTE_ADDR "^162\.158\.255\.9$" DenyAccess SetEnvIF X-FORWARDED-FOR "^162\.158\.255\.9$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^162\.158\.255\.9$" DenyAccess <IfModule mod_authz_core.c> <RequireAll> Require all granted Require not env DenyAccess Require not ip 162.158.255.9 </RequireAll> </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Deny from env=DenyAccess Deny from 162.158.255.9 Allow from all </IfModule> # END iThemes Security - No modifiques ni borres esta lÃnea # BEGIN iThemes Security - No modifiques ni borres esta lÃnea # iThemes Security Config Details: 2 # Activar la caracterÃstica de lista negra de HackRepair.com - Seguridad > Ajustes > Usuarios baneados > Lista negra por defecto # Start HackRepair.com Blacklist RewriteEngine on # Start Abuse Agent Blocking RewriteCond %{HTTP_USER_AGENT} "^Mozilla.*Indy" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Mozilla.*NEWT" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^$" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Maxthon$" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^SeaMonkey$" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Acunetix" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^binlar" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^BlackWidow" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Bolt 0" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^BOT for JCE" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Bot mailto\:craftbot@yahoo\.com" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^casper" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^checkprivacy" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^ChinaClaw" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^clshttp" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^cmsworldmap" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Custo" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Default Browser 0" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^diavol" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^DIIbot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^DISCo" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^dotbot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Download Demon" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^eCatch" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^EirGrabber" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^EmailCollector" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^EmailSiphon" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^EmailWolf" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Express WebPictures" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^extract" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^ExtractorPro" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^EyeNetIE" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^feedfinder" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^FHscan" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^FlashGet" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^flicky" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^g00g1e" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^GetRight" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^GetWeb\!" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Go\!Zilla" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Go\-Ahead\-Got\-It" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^grab" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^GrabNet" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Grafula" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^harvest" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^HMView" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Image Stripper" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Image Sucker" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^InterGET" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Internet Ninja" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^InternetSeer\.com" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^jakarta" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Java" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^JetCar" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^JOC Web Spider" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^kanagawa" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^kmccrew" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^larbin" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^LeechFTP" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^libwww" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Mass Downloader" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^microsoft\.url" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^MIDown tool" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^miner" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Mister PiX" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^MSFrontPage" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Navroad" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^NearSite" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Net Vampire" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^NetAnts" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^NetSpider" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^NetZIP" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^nutch" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Octopus" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Offline Explorer" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Offline Navigator" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^PageGrabber" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Papa Foto" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^pavuk" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^pcBrowser" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^PeoplePal" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^planetwork" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^psbot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^purebot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^pycurl" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^RealDownload" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^ReGet" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Rippers 0" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^sitecheck\.internetseer\.com" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^SiteSnagger" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^skygrid" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^SmartDownload" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^sucker" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^SuperBot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^SuperHTTP" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Surfbot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^tAkeOut" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Teleport Pro" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Toata dragostea mea pentru diavola" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^turnit" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^vikspider" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^VoidEYE" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Web Image Collector" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebAuto" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebBandit" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebCopier" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebFetch" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebGo IS" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebLeacher" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebReaper" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebSauger" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Website eXtractor" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Website Quester" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebStripper" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebWhacker" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WebZIP" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Widow" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WPScan" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WWW\-Mechanize" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^WWWOFFLE" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Xaldon WebSpider" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^Zeus" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "^zmeu" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "360Spider" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "CazoodleBot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "discobot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "EasouSpider" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "ecxi" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "GT\:\:WWW" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "heritrix" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "HTTP\:\:Lite" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "HTTrack" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "ia_archiver" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "id\-search" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "IDBot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "Indy Library" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "IRLbot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "ISC Systems iRc Search 2\.1" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "LinksCrawler" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "LinksManager\.com_bot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "linkwalker" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "lwp\-trivial" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "MFC_Tear_Sample" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "Microsoft URL Control" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "Missigua Locator" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "MJ12bot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "panscient\.com" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "PECL\:\:HTTP" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "PHPCrawl" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "PleaseCrawl" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "SBIder" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "SearchmetricsBot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "SeznamBot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "Snoopy" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "Steeler" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "URI\:\:Fetch" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "urllib" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "Web Sucker" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "webalta" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "WebCollage" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "Wells Search II" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "WEP Search" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "XoviBot" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "YisouSpider" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "zermelo" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "ZyBorg" [NC,OR] # End Abuse Agent Blocking # Start Abuse HTTP Referrer Blocking RewriteCond %{HTTP_REFERER} "^https?://(?:[^/]+\.)?semalt\.com" [NC,OR] RewriteCond %{HTTP_REFERER} "^https?://(?:[^/]+\.)?kambasoft\.com" [NC,OR] RewriteCond %{HTTP_REFERER} "^https?://(?:[^/]+\.)?savetubevideo\.com" [NC] # End Abuse HTTP Referrer Blocking RewriteRule ^.* - [F,L] # End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair # Banear servidores - Seguridad > Ajustes > Usuarios baneados SetEnvIF REMOTE_ADDR "^121\.205\.215\.117$" DenyAccess SetEnvIF X-FORWARDED-FOR "^121\.205\.215\.117$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^121\.205\.215\.117$" DenyAccess SetEnvIF REMOTE_ADDR "^151\.236\.36\.17$" DenyAccess SetEnvIF X-FORWARDED-FOR "^151\.236\.36\.17$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^151\.236\.36\.17$" DenyAccess SetEnvIF REMOTE_ADDR "^46\.24\.204\.28$" DenyAccess SetEnvIF X-FORWARDED-FOR "^46\.24\.204\.28$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^46\.24\.204\.28$" DenyAccess SetEnvIF REMOTE_ADDR "^5\.61\.39\.15$" DenyAccess SetEnvIF X-FORWARDED-FOR "^5\.61\.39\.15$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^5\.61\.39\.15$" DenyAccess SetEnvIF REMOTE_ADDR "^87\.219\.42\.42$" DenyAccess SetEnvIF X-FORWARDED-FOR "^87\.219\.42\.42$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^87\.219\.42\.42$" DenyAccess SetEnvIF REMOTE_ADDR "^88\.12\.34\.67$" DenyAccess SetEnvIF X-FORWARDED-FOR "^88\.12\.34\.67$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^88\.12\.34\.67$" DenyAccess SetEnvIF REMOTE_ADDR "^212\.159\.73\.13$" DenyAccess SetEnvIF X-FORWARDED-FOR "^212\.159\.73\.13$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^212\.159\.73\.13$" DenyAccess SetEnvIF REMOTE_ADDR "^195\.154\.199\.66$" DenyAccess SetEnvIF X-FORWARDED-FOR "^195\.154\.199\.66$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^195\.154\.199\.66$" DenyAccess SetEnvIF REMOTE_ADDR "^149\.202\.247\.172$" DenyAccess SetEnvIF X-FORWARDED-FOR "^149\.202\.247\.172$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^149\.202\.247\.172$" DenyAccess SetEnvIF REMOTE_ADDR "^46\.118\.127\.120$" DenyAccess SetEnvIF X-FORWARDED-FOR "^46\.118\.127\.120$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^46\.118\.127\.120$" DenyAccess SetEnvIF REMOTE_ADDR "^157\.55\.39\.198$" DenyAccess SetEnvIF X-FORWARDED-FOR "^157\.55\.39\.198$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^157\.55\.39\.198$" DenyAccess SetEnvIF REMOTE_ADDR "^84\.114\.116\.188$" DenyAccess SetEnvIF X-FORWARDED-FOR "^84\.114\.116\.188$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^84\.114\.116\.188$" DenyAccess <IfModule mod_authz_core.c> <RequireAll> Require all granted Require not env DenyAccess Require not ip 121.205.215.117 Require not ip 151.236.36.17 Require not ip 46.24.204.28 Require not ip 5.61.39.15 Require not ip 87.219.42.42 Require not ip 88.12.34.67 Require not ip 212.159.73.13 Require not ip 195.154.199.66 Require not ip 149.202.247.172 Require not ip 46.118.127.120 Require not ip 157.55.39.198 Require not ip 84.114.116.188 </RequireAll> </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Allow from all Deny from env=DenyAccess Deny from 121.205.215.117 Deny from 151.236.36.17 Deny from 46.24.204.28 Deny from 5.61.39.15 Deny from 87.219.42.42 Deny from 88.12.34.67 Deny from 212.159.73.13 Deny from 195.154.199.66 Deny from 149.202.247.172 Deny from 46.118.127.120 Deny from 157.55.39.198 Deny from 84.114.116.188 </IfModule> # Proteger los archivos de sistema - Seguridad > Ajustes > Sistema de ajustes > Archivos de sistema <files .htaccess> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Deny from all </IfModule> </files> <files readme.html> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Deny from all </IfModule> </files> <files readme.txt> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Deny from all </IfModule> </files> <files wp-config.php> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Deny from all </IfModule> </files> # Desactivar navegación por directorio - Seguridad > Ajustes > Sistema de ajustes > Navegación por directorio Options -Indexes <IfModule mod_rewrite.c> RewriteEngine On # Proteger los archivos de sistema - Seguridad > Ajustes > Sistema de ajustes > Archivos de sistema RewriteRule ^wp-admin/install\.php$ - [F] RewriteRule ^wp-admin/includes/ - [F] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F] RewriteRule ^wp-includes/theme-compat/ - [F] # Deshabilitar PHP en Uploads - Seguridad > Ajustes > Ajustes del sistema > PHP en Uploads RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)$ - [NC,F] # Inhabilitar PHP en los Plugins - Seguridad > Ajustes > Mejoras del sistema > PHP en Plugins RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)$ - [NC,F] # Inhabilitar PHP en Temas - Seguridad > Ajustes > Mejoras del sistema > PHP en Temas RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)$ - [NC,F] # Filtrar cadenas de consulta sospechosas en la URL - Seguridad > Ajustes > Ajustes del sistema > Cadenas de consulta sospechosas RewriteCond %{QUERY_STRING} \.\.\/ [OR] RewriteCond %{QUERY_STRING} \.(bash|git|hg|log|svn|swp|cvs) [NC,OR] RewriteCond %{QUERY_STRING} etc/passwd [NC,OR] RewriteCond %{QUERY_STRING} boot\.ini [NC,OR] RewriteCond %{QUERY_STRING} ftp: [NC,OR] RewriteCond %{QUERY_STRING} https?: [NC,OR] RewriteCond %{QUERY_STRING} (<|%3C)script(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR] RewriteCond %{QUERY_STRING} base64_decode\( [NC,OR] RewriteCond %{QUERY_STRING} %24&x [NC,OR] RewriteCond %{QUERY_STRING} 127\.0 [NC,OR] RewriteCond %{QUERY_STRING} (globals|encode|localhost|loopback) [NC,OR] RewriteCond %{QUERY_STRING} (request|concat|insert|union|declare) [NC,OR] RewriteCond %{QUERY_STRING} %[01][0-9A-F] [NC] RewriteCond %{QUERY_STRING} !^loggedout=true RewriteCond %{QUERY_STRING} !^action=jetpack-sso RewriteCond %{QUERY_STRING} !^action=rp RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_ RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com RewriteRule ^.* - [F] </IfModule> # END iThemes Security - No modifiques ni borres esta lÃnea # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress # Permanent redirections Redirect 301 /juego_de_misterio_anos_20/ /juegos-de-misterio/the-last-shot/ Redirect 301 /producto/the-last-shot/ /juegos-de-misterio/the-last-shot/ Redirect 301 /contactenos/ /juegos-de-misterio/contacto/ Redirect 301 /cluedo-en-vivo-descargar/ /juegos-de-misterio/ Redirect 301 /categoria-producto/cluedo-en-vivo-para-descargar/ /juegos-de-misterio/ Redirect 301 /teambuilding-para-empresas/ /cluedo-para-teambuilding/ Redirect 301 /quienes-somos/mysterygames.es /juegos-de-misterio/quienes-somos/ Redirect 301 /product-category/cluedo-en-vivo-para-descargar/ /juegos-de-misterio/ Redirect 301 /product/the-last-shot/ /juegos-de-misterio/the-last-shot/ Redirect 301 /teambuilding-para-empresas__trashed/ /cluedo-para-teambuilding/ Redirect 301 /anos-20/ /cluedo-para-descargar/ Redirect 301 /juegos-de-misterio/condiciones-generales/ /condiciones-generales/ Redirect 301 /juegos-de-misterio/feed/ /juegos-de-misterio/ Redirect 301 /quieres-un-cluedo-en-vivo/ /juegos-de-misterio/contacto/ Redirect 301 /product/the-last-shot/ /juegos-de-misterio/the-last-shot/ Redirect 301 /quienes-somos/ /juegos-de-misterio/quienes-somos/Forum: Fixing WordPress
In reply to: wp-admin files has no permissionsSorry for the delay, it’s been some holidays here and I was talking to my friend about the issue. It seems that he did more things before the problem appeared.
The VPS has a ngix proxy configured and a Apache server behind. The ngix originally had only HTTP and he added HTTPS to it. After that, he added a WordPress plugin to redirect every HTTP request to HTTPS.
After that, there was a problem with the site being unavailable for any visitor, as there was some infinite redirection involved. To solve that, in wp-config.txt he added the following:
define(‘WP_HOME’,’http://<url of the site>’);
define(‘WP_SITEURL’,’http://<url of the site>’);
$_SERVER[‘HTTPS’]=’on’;Adding those lines solved the redirection issue but then he noticed that the admin URLs were unavailable. He is not sure at which point the admin URL became unavailable (maybe it was before the last steps).
The list of installed plugins (before I renamed the plugins directory to disable them) is:
akismet
autoptimize
better-wp-security
custom-404-error-page-unlimited-designs-colors-and-fonts
easy-add-thumbnail
really-simple-ssl-disabled
shortcodes-ultimate
simple-download-monitor
ssl-insecure-content-fixer
table-of-contents-plus
wordpress-seo
wp-encrypt
wp-google-analytics
wp-super-cache1
yet-another-stars-ratingI’m not sure if any of those plugins can modify WordPress itself, .htaccess or the database in a way that breaks the admin privileges. I already tried to update WordPress manually (overwriting or replacing the files as described in the manual upgrade page) and the .htaccess.
I can access the logs in /var/log/httpd/domains but I don’t see anything suspicious.
I also set the file permissions to 0644 and directories to 0755. Ownership is admin.admin, the same user/group of the www server.
Is there anything else I can check?
Thank you.
Forum: Fixing WordPress
In reply to: wp-admin files has no permissions@t-p, thank you for your answer. I have tried to disable all plugins (renaming the plugins directory) and did not solve anything. Regarding the theme, I don’t think I cannot access the WP dashboard (is it under wp-admin right?) so it is not possible to change it.
@abletec, thank you for your kind words. I don’t think I could help anyone in WordPress, I seldom know about it, I just tried solutions I found around the internet.
Regarding the system, my fault, I forgot to mention it. It is a Linux VPS running CentOS 6.8 and Apache 2.2.15. There are no more WP sites in the same VPS.
One think I wanted to try is to install a fresh WP using the old wp-config.php file, just to check if it works but I’m worried that a fresh installation with the old tables may break or update something in the database. If you think it is safe, I could try.
Thank you for your help.