I'm on a VPS environment so I have root access, btw.
So take a look at these issues:
http://www.sonikastudios.com/wp-content/themes/sonikas/scripts/timthumb.php?src=/wp-content/uploads/tedleescreenshot1.jpg&w=100&h=100&zc=1&q=100
That returns a 404 error.
However when I move timthumb.php to the root of the site, it works.
I verified file/folder permissions, it's not the issue. Also, another PHP generated image that i use for Captcha, is doing the same thing...
So essentially it boils down to no .php files running from within folders. However this is not an issue otherwise because PHP scripts I have under /admin/ on other sites work fine.
So... what could cause this? Most forum articles I read lean towards a mod_security problem, but I don't even know where to start, as I'm not an apache expert.
As you have root access, try looking for what is happening in Apache logs. To follow latest request you can use tail.
Which version of Apache you are running? In my configuration of Apache 2.2 you can follow error log in terminal by invoking:
tail -f /var/log/httpd/error_log
It seems that default configuration of Apache 2.2 has error log in /usr/local/apache2/logs/error_log
, so my configuration is not default.
If you do not have success with error log, try also looking for information in access log, default location at /usr/local/apache2/logs/access_log
.
Same error can occur when the file it self is also writable. Make sure the file is 644 and NOT 666 !
Wordpress is probably using some mod_rewrite rules to send every request to its index.php. And there it’s analyzing the request and returning a 404 status code if one of its internals was requested.
This is a problem with your .htaccess file generated by WordPress. It redirects all requests for your site that aren't wp-admin/ or in your uploads directory to the index.php file for WordPress (the request handler that queries for posts, etc.)
In my case, the following PERMISSION changes solved the (Timthumb.php) issue:
- The PHP script must be
"644"
.
- All of the parent directories must be
"755"
; Neither "775"
nor "777"
.