Unable to edit posts in WordPress with a third-party editor: access forbidden by rule

Follow

Comments

6 comments

  • Avatar
    info (Edited )

    How to secure the wp-includes without blocking wp-tinymce.php?

  • Avatar
    Ivan Postnikov

    Hello @info,

    While securing the WordPress instance you may exclude applying to wp-includes folder security changes, see the screenshot below.

    It is not possible to exclude folder only partly.

  • Avatar
    Peter Luit (Edited )

    I did a 'roll back' on securing the wp-includes folder and inserted a separate .htacces file in that folder with the following:

    <FilesMatch "\.(?i:php)$">
    <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    </IfModule>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    </FilesMatch>
    <Files wp-tinymce.php>
    Allow from all
    </Files>
    <Files ms-files.php>
    Allow from all
    </Files>

    That secures the folder enough but prevents that the wp-tinymce.php file could not be executed. This is for example important for the next version of WordPress (5.0) and the today existing plugin Gutenberg.

  • Avatar
    Ivan Postnikov

    Hello @Peter,

    Thank you for sharing your user experience. This information may be useful for other Pleskians.

  • Avatar
    Peter Luit

    Hi Ivan, thanks for your comment. For most people just the 'roll back' of the wp-includes security will be enough to get Gutenberg working. The code above is not a MUST.... ;-)

  • Avatar
    Ivan Postnikov

    Yes, @Peter, sure it is not a must.

Please sign in to leave a comment.

Have more questions? Submit a request