Facebook
Twitter
Christopher McBride
Basic Pleskian
Hi,
I have a WordPress installation with a plugin to combat spam that has a PHP file to dynamically create a Javascript file located in the plugin's directory within the wp-content folder.
Utilising the WP Toolkit to "secure" the WordPress installation, it adds .htaccess and nginx configurations to prevent the accessing of php files within the wp-content and wp-includes directories.
The plugin has overridden the .htaccess file itself with it's own .htaccess in the plugin folder, however the nginx configuration to override this is eluding me.
The WP Toolkit adds the following into the vhosts's nginx configuration file:
#extension wp-toolkit begin
location ~* wp-config.php { deny all; }
location ~* "^/wp-content/.*\.php" { deny all; }
location ~* "^/wp-includes/.*\.php" { deny all; }
#extension wp-toolkit end
I wish to override this to allow access to the file at /wp-content/plugins/wp-spamshield/js/jscripts.php at a global server level.
I have tried doing this on an individual vhost level with the additional nxginx directives, but nothing appears to be working.
I've tried simply:
location /wp-content/plugins/wp-spamshield/js/jscripts.php {allow all;}
And more advanced:
location /wp-content/plugins/wp-spamshield/js/jscripts.php {
proxy_pass http://x.x.x.x:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
allow all;
}
Can anyone help to get this overridden for all vhosts, please?
I have a WordPress installation with a plugin to combat spam that has a PHP file to dynamically create a Javascript file located in the plugin's directory within the wp-content folder.
Utilising the WP Toolkit to "secure" the WordPress installation, it adds .htaccess and nginx configurations to prevent the accessing of php files within the wp-content and wp-includes directories.
The plugin has overridden the .htaccess file itself with it's own .htaccess in the plugin folder, however the nginx configuration to override this is eluding me.
The WP Toolkit adds the following into the vhosts's nginx configuration file:
#extension wp-toolkit begin
location ~* wp-config.php { deny all; }
location ~* "^/wp-content/.*\.php" { deny all; }
location ~* "^/wp-includes/.*\.php" { deny all; }
#extension wp-toolkit end
I wish to override this to allow access to the file at /wp-content/plugins/wp-spamshield/js/jscripts.php at a global server level.
I have tried doing this on an individual vhost level with the additional nxginx directives, but nothing appears to be working.
I've tried simply:
location /wp-content/plugins/wp-spamshield/js/jscripts.php {allow all;}
And more advanced:
location /wp-content/plugins/wp-spamshield/js/jscripts.php {
proxy_pass http://x.x.x.x:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
allow all;
}
Can anyone help to get this overridden for all vhosts, please?
