PHP files downloading instead of opening

Home Forums BulletProof Security Pro PHP files downloading instead of opening

This topic contains 8 replies, has 3 voices, and was last updated by  AITpro Admin 4 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #31180

    Young Master
    Participant

    Hello AIT Pro Admin,

    Am experiencing unusual problem on my wordpress website which is hosted at Go Daddy. The problem am experiencing is that some of the wordpress files will start downloading themselves as soon as I have finished installing wordpress. Some of those files are wp-admin/index.php and wp-admin/edit.php.

    wp-admin/index.php will start to download itself through my browser whenever am clicking the wordpress admin home button and wp-admin/edit.php ill start to download itself through my browser whenever am clicking the wordpress admin posts button.

    This happens few after installing wordpress even before I have installed BPS Pro.

    Also when I try to to add php.ini code which is found on this forum as soon as I activate root .htaccess file the site breaks and all the wordpress files will start downloading themselves through browser.

    I dont know whats wrong, I tried to re-install wordpress several times, change data center s but the results are the same.

    Please help.

    #31181

    AITpro Admin
    Keymaster

    The problem is being caused by using invalid/incorrect php/php.ini handler htaccess code in your Root htaccess file.  Do these steps below:

    1. Use FTP or your web host control panel file manager and delete this file (if you already have BPS Pro installed):  /wp-content/bps-backup/autorestore/root-files/auto_.htaccess and then delete your Root htaccess file (in your WordPress installation folder, same folder where the wp-config.php file is located).
    2. Login to your website, go to the BPS B-Core > Security Modes page and click the Root Folder BulletProof Mode deactivate button.
    3. Login to your Go Daddy control panel and do the Go Daddy steps here to change your PHP version:  https://www.godaddy.com/help/view-or-change-your-php-version-3937
    4. Go to the BPS htaccess File Editor page > Your Current Root htaccess File tab > copy the new Go Daddy php/php.ini handler code that you will now see added at the top of your Root htaccess file by Go Daddy.
    5. Paste the Go Daddy php/php.ini handler code into this Custom Code text box:  
    6. Click the Save Root Custom Code button.
    7. Go to the Security Modes page and click the Root Folder BulletProof Mode activate button.

    #31182

    Young Master
    Participant

    Thanks AIT Pro Admin for your quick response. But also there are two files wp-admin/index.php and wp-admin/edit.php. which also download themselves as soon as I have finished installing wordpress.

    wp-admin/index.php will start to download itself through my browser whenever am clicking the wordpress admin home button and wp-admin/edit.php ill start to download itself through my browser whenever am clicking the wordpress admin posts button.

    This happens on a fresh installed wordpress site whithoud adding anything in it eg: themes, plugins, or any .htaccess codes.

    #31183

    AITpro Admin
    Keymaster

    Ok so maybe there is php/php.ini handler code in your wp-admin htaccess file?  The wp-admin htaccess file should not have any php/php.ini handler code in it.  php/php.ini handler htaccess code should only be in the root htaccess file.  Try deleting your wp-admin htaccess file and see if that solves the problem.

    Another possibility is that you have an htaccess file higher up in your hosting account folder structure that has invalid php/php.ini handler htaccess code in it.

    Example:
    /.htaccess – file with invalid php/php.ini handler code in it, in the hosting account root folder.
    /new-website-installation/ – folder where you are installing your new WP site.  The root htaccess file in the hosting account root folder will apply the php/php.ini handler code to the /new-website-installation/ folder/website.

    #31186

    Young Master
    Participant

    I checked the wp-admin folder but there was no .htaccess file. also I tried to delete and re-upload wp-admin/index.php file and wp-admin/edit.php file but I am still experiencing the same problem.

    #31187

    AITpro Admin
    Keymaster

    Ok well then you are going to have to contact Go Daddy support to find out what is wrong.  It may be a corrupt folder permission problem or maybe an old custom php.ini file under your hosting account or maybe something else.  Not really sure.

    #31208

    Young Master
    Participant

    After hustling for a while I have managed to fix the issue of creating php.ini file. For hosting that is using Cpanel; Go Daddy doesnt use php.ini handler for creating php.ini file. All you have to do is create your php.ini file, put it on the root directory of your website.

    But after creating yor php.ini file you changes wont take effect untill you kill all of PHP processes. In order to kill PHP processes login to website’s control panel, go to PHP processes. On PHP Processes you will see all the PHP processes that are currently running. Click on Kill Processes button in order to kill all active PHP processes. Once you have done that all of the active PHP Processes will be terminated and your new settings on your custom php.ini file will start to take effect.

    I was also able to identify the cause of some of php files in wp-admin directory downloading instead of opening. This happens only when you have set your wordpress site url as http://www.example.com. But if you set your wordpress site url as example.com, your wordpress site will work without any problems.

    I still havent found the solution to this problem yet, so currently I have set my wordpress site url to example.com

    #35398

    Immerse
    Participant

    [Topic has been merged into this relevant Topic]
    Hi,

    This morning I went into one of my sites that still has bps installed, disabled the top two security options (forget offhand what they’re called, but root and admin htaccess, I believe).

    I then went to change the ‘hidden file’ option. As soon as I clicked that, a box popped up asking me if I wanted to save the relevant php file or to choose what program I wanted to use, to open it. No matter what other options I tried to access, no matter what url, this was all that I could get. I cannot access my website. Anybody visiting the site is invited to download the php files.

    I’m not printing the url for that reason.

    How do I totally remove all traces of BPS pro from my site without being able to log in? I can get to it via cpanel, obviously.

    Not directly related to this, but reflecting a growing sadness and frustration…

    I’ve got to say that after recommending this plugin to countless people via facebook groups I belong to, I’m slowly stopping using it. It just causes too many problems. I’ve lost count of the number of times I’ve updated but forgotten that arq turns itself on by default (I turn it off by default because it causes fewer problems like that) and then found it quarantining custom files or something else it doesn’t like. The plugins protection never quite learns all the files it needs to allow to work (I actually left my cache plugin disabled for a week to see if that helped – it didn’t).  There always seems to be a message telling me I need to run install for the 365th time in order to find files that haven’t been added to the whitelist.

    Every now and then bps blocks its own files, so we have the kiddie-crayon version of css in admin.  The solution is disable plugin protection and then re-enable. Happens more or less every time I spend any time in the plugin.  The password protection option  works on some forms, not on others – you’re screwed if your site/plugin/theme uses non-standard password forms (users get asked for the password, but not shown it). Then there’s this mscan thing that never seems to work and is incapable of giving an estimated scan time.

    We’re not talking one site here, but multiple – you can see at your end what sites the plugin is on.

    I seriously loved this plugin when I first found it, but it has just gotten so complicated now that it’s just too much hard work. I’m switching to relying on backups and a more plug-n-play security option.

    #35400

    AITpro Admin
    Keymaster

    @ Immerse –

    The problem is being caused by using invalid/incorrect php/php.ini handler htaccess code in your Root htaccess file or missing php/php.ini handler htaccess code in your Root htaccess file. Do these steps below:

    1. Use FTP or your web host control panel file manager and delete this file (if you already have BPS Pro installed): /wp-content/bps-backup/autorestore/root-files/auto_.htaccess and then delete your Root htaccess file (in your WordPress installation folder, same folder where the wp-config.php file is located).
    2. Login to your website, go to the BPS B-Core > Security Modes page and click the Root Folder BulletProof Mode deactivate button.
    3. Copy and paste your web host’s php/php.ini handler code for whichever PHP version you are using into this Custom Code text box: CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE
    4. Click the Save Root Custom Code button.
    5. Go to the Security Modes page and click the Root Folder BulletProof Mode activate button.

    If you do not know which PHP server version you are using or would like to use, you can either check your web host’s help pages for how to choose/change your PHP server version and which php/php.ini htaccess code to use for whichever PHP server version you would like to use or you can contact your web host support folks and ask them to help you with this.

    You do not need to remove/delete the BPS Pro plugin to fix this problem.  If you would instead like to delete the BPS Pro plugin then you will need to fix the php/php.ini handler htaccess code problem first, go to the WordPress Plugins page, click the deactivate link and click the delete link.

    I’m sorry you are running into problems using BPS Pro.  Please read the AutoRestore|Quarantine Guide forum topic for how to correctly use ARQ IDPS:  https://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/. You can of course choose not to use ARQ IDPS and turn it off. The same applies to any/all other BPS Pro security features – each/every BPS Pro security feature can be turned off individually if you do not want to use a particular BPS Pro security feature.

    In general, it sounds like you have several unusual problems occurring with BPS Pro on your web host/site.  I’m not exactly sure what the problems are by your descriptions.  If you would like for us to figure out what is causing these unusual problems then send us a WordPress Administrator login to this site to:  info at ait-pro dot com.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.