Home › Forums › BulletProof Security Pro › MoPublication – You dont have permission to access /wp-admin/media-upload.php on this server
Tagged: media-upload, media-upload.php, MoPublication
- This topic has 12 replies, 2 voices, and was last updated 10 years, 7 months ago by bill.
-
AuthorPosts
-
billParticipant
Hello. I am receiving the following message when I attempt to upload an image in my dashboard via a plugin…
You don’t have permission to access /tito/wp-admin/media-upload.php on this server.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.Is this a plugin firewall or .htaccess issue? Thanks in advance for any insight.
AITpro AdminKeymasterMost likely this does not have anything to do with BPS. BPS does not interfere with the standard WordPress Media Uploader in any way. How are you doing the upload? Are you using the standard WordPress Media Uploader or are you using a plugin to upload Media via that plugin? What type of file are you trying to upload? How large is the file? Are you running low on Server disk space?
billParticipantIts actually via a plugin and not WP’s media uploader… WP’s media uploader actually works fine… No issues.
AITpro AdminKeymasterOk then check your BPS Security Log and post the logged error that is related to this plugin error. Also what is the name of this plugin?
billParticipantThe plugin’s name is MoPublication: http://wordpress.org/plugins/mopublication Checking security log now… No security issue was logged…
AITpro AdminKeymasterThen that means the uploader is using stand alone java that fires outside the norm of php. I’ll install and test the plugin and post whatever skip/bypass rule is needed for this plugin. If I find that BPS Pro is blocking this plugin for a good reason then I will obviously advise you to find a safe alternative plugin.
billParticipantOk, thank you.
AITpro AdminKeymasterThe Media Upload method is perfectly safe in this plugin. It is fine to whitelist this by adding this skip/bypass rule to wp-admin Custom Code.
1. Copy this code below to this BPS Custom Code text box:
# media-upload.php skip/bypass rule RewriteCond %{REQUEST_URI} (media-upload\.php) [NC] RewriteRule . - [S=2]
2. Click the Save wp-admin Custom Code button.
3. Go to the Security Modes page and activate wp-admin BulletProof Mode again.billParticipantWorking perfectly now…. Thanks for everything. Everything. It’s actually displaying the WP media uploader now… So, when I select an image to upload, instead of uploading to the plugin, it appears to be going to my media library instead. Edit: Yes, its definitely going to the media library.
When I saw that the forbidden message was removed, got excited. But, no, its not working correctly. Instead of uploading to the plugin where the image can be used for its respective purpose (e.g.; logo, icon, ad banner, etc.), the upload window looks like the reg. WP media uploader — so when I upload the logo, icon or ad banner image (within the plugin section of the dashboard), the file goes to my media library and is not associated with/inaccessible (to the plugin).
AITpro AdminKeymasterThat does not have to do with BPS since BPS has whitelisted the media-uploader.php file and is no longer involved in the equation. You are probably doing something wrong procedurally. The Media Upload window normally gives you several different ways to save files, insert files, etc. Check the help info for this plugin to find out what you need to do procedurally.
billParticipantWill do. Thanks again.
AITpro AdminKeymasterI just played with the plugin for a second and what you have to do is choose Insert Into Post and NOT Save all changes. You will then see your image in the floating mobile device graphic.
billParticipantYahtzee!!! That’s it… Thanks!
-
AuthorPosts
- You must be logged in to reply to this topic.