Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
-
WordPress Admin Dashboard is not displayed properly: layout is broken, css/js scripts are not loaded.
-
One of the following error messages appear in domain's log at Domains > example.com > Logs:
CONFIG_TEXT: access forbidden by rule, client: 203.0.113.2, server: example.com, request: "GET /wp-admin/load-scripts.php?... HTTP/2.0", host: "example.com", referrer: "https://example.com/wp-admin/update-core.php"
CONFIG_TEXT: AH01630: client denied by server configuration: /var/www/vhosts/example.com/httpdocs/wp-admin/load-scripts.php, referer: https://example.com/wp-admin/
If LiteSpeed is used instead of Apache, the following error message appears in /var/www/vhosts/example.com/logs/error_log:
CONFIG_TEXT: [ACL] Access to context [/wp-admin/] is denied!
-
Browser DevTools (F12) > Console tab shows that
load-styles.php
and/orload-scripts.php
cannot be processed by a web-browser with a 403 Forbidden error.
Cause
JavaScript conflict in WordPress theme or plugin.
Resolution
-
Go to Domains > example.com > WordPress tab > Security.
-
On the Security Status page, select the option Disable scripts concatenation for WordPress admin panel and click Secure.
Note: If the Secure button is grayed out, select the option Disable scripts concatenation for WordPress admin panel and click Revert. Then secure again.
Note: In some cases, website code may require the CONCATENATE_SCRIPTS option to be enabled. If required, revert the security option Disable scripts concatenation for WordPress admin panel.
Other options to disable scripts concatenation for WordPress admin panel:
-
Go to Domains > example.com > File Manager.
-
Open the document root and click on the wp-config.php file.
-
Add the following record at the end of the file before the
require_once
directive:CONFIG_TEXT: define('CONCATENATE_SCRIPTS', false);
-
Save the changes.
-
Connect to the Plesk server via SSH.
-
Open the file
/var/www/vhosts/example.com/httpdocs/wp-config.php
in a text editor (for example, vi editor). -
Add the following record at the end of the file before the
require_once
directive:CONFIG_TEXT: define('CONCATENATE_SCRIPTS', false);
-
Save the changes and close the file.
Comments
7 comments
If this is already at the beginning of the file, is this still recommended?
Would we add this anyway leaving them both in place, remove the one from the beginning of the file in addition to adding this to the end, or leave it as-is without adding it at all?
Hello @Greg P,
One is sufficient, no need to add the record twice.
It is showing for all the websites on the server. How to fix over 200 websites ??
Hello @Salman,
Am I correct that you have the same issue for all of these websites?
Have you tried the above steps for some of the websites?
For this particular issue, the solution doesn't look scalable.
In case the issue is different, please, create a request to Plesk Support to have a closer look at the issue.
Hello. Unfortunately I have this issue for two domains. One was solved by this tip:
in the wp-admin/load-styles.php file, change "error_reporting(0);" to "error_reporting( E_ALL | E_STRICT );" then refresh the page, if the page style return to normal, reverse the code change to it's initial state, and your site should look fine.
The second one I can not fix with any solution
Regards
Hello,
Actually, this is not a solution; this WordPress functionality should work.
What is the problem in nginx for this error?
I have tested on other servers with nginx (not plesk) this WordPress functionality works fine.
What is failing in plesk?
The concatenation of scripts, helps the loading speed of the wordpress backend.
How can it be corrected?
Greetings, Thank you.
I'm curious why this happens even with the Web Application Firewall disabled in the Plesk subscription. What other "rule" is still active to interfere when the WAF is disabled? Is this a bug in disabling WAF on the subscription?
> [error] 3520#0: *438461 access forbidden by rule
Please sign in to leave a comment.