IN Wordpress, .php files within the theme folder d

2019-07-05 13:31发布

问题:

I'm on a VPS environment so I have root access, btw.

So take a look at these issues: http://www.sonikastudios.com/wp-content/themes/sonikas/scripts/timthumb.php?src=/wp-content/uploads/tedleescreenshot1.jpg&w=100&h=100&zc=1&q=100

That returns a 404 error.

However when I move timthumb.php to the root of the site, it works.

I verified file/folder permissions, it's not the issue. Also, another PHP generated image that i use for Captcha, is doing the same thing...

So essentially it boils down to no .php files running from within folders. However this is not an issue otherwise because PHP scripts I have under /admin/ on other sites work fine.

So... what could cause this? Most forum articles I read lean towards a mod_security problem, but I don't even know where to start, as I'm not an apache expert.

回答1:

As you have root access, try looking for what is happening in Apache logs. To follow latest request you can use tail.

Which version of Apache you are running? In my configuration of Apache 2.2 you can follow error log in terminal by invoking:

tail -f /var/log/httpd/error_log

It seems that default configuration of Apache 2.2 has error log in /usr/local/apache2/logs/error_log, so my configuration is not default.

If you do not have success with error log, try also looking for information in access log, default location at /usr/local/apache2/logs/access_log.



回答2:

Same error can occur when the file it self is also writable. Make sure the file is 644 and NOT 666 !



回答3:

Wordpress is probably using some mod_rewrite rules to send every request to its index.php. And there it’s analyzing the request and returning a 404 status code if one of its internals was requested.



回答4:

This is a problem with your .htaccess file generated by WordPress. It redirects all requests for your site that aren't wp-admin/ or in your uploads directory to the index.php file for WordPress (the request handler that queries for posts, etc.)



回答5:

In my case, the following PERMISSION changes solved the (Timthumb.php) issue:

  1. The PHP script must be "644".
  2. All of the parent directories must be "755"; Neither "775" nor "777".