When I get home, I’ll do quick investigation and contact my webhost as well.
I asked my web host what was happening with this and they said they have been talking with cPanel, Litespeed and Cloudlinux. But no one has been able to pinpoint the problem or provide a fix.
I have a site that runs a Clickbank plugin from CBproAds to serve live listings of products. It has stopped working.
This is the only site where I have seen a plugin break, but am not sure whether it’s related. They are going to look at my installation.
Have you by chance tried this?
Because it might be the name of the file. It has a very specific name, that some hosts/MSs might flag as problematic. Similar to “reserved terms” in WP or CP
No, I hadn’t. So I just did and it causes an error 503.
It was a renamed index.php file to /wp-admin/abc.php
I have let my host know.
Since this doesn’t happen on Direct Admin hosts, maybe cPanel keeps the list of valid files?
Yes, that is super likely.
But, it would only happen if they know, or think, you have a WP install.
perhaps you used softacoulous to install WP and then changed it to CP?
that could be the whole reason.
This generates a flag that says “this is a WP install” and secured installs can then check for a list of files, or even file lengths, however I don’t think this is really best practice, because it locks you into a “standard” install. WP Can be modified, after all it is open source.
No, I always install CP using FTP.
Perhaps they sniff the code or filenames and decide on that. After all, CP has tons of references to wp_ and probably never will lose them
Let’s see what your hosts reply!
My web host has isolated the problem and this is their reply:
We were able to find the issue and it is related to Imunify360 Firewall Proactive Defense mode. We have reported this to them and they will whitelist the file globally with their next software update.
They are whitelisting my sites manually and the first one they did now works. The error 503 has gone and the Security tab works correctly.
The Clickbank plugin https://cbproads.com/ has now been fixed.
They had tightened their security and it broke for CP.
So I explained what CP is and why it exists. They had never heard of it.
They then changed their system to include whatever was necessary for it to work on CP.
You never know how the word will spread because of this.
So if I understand this correctly, since I have the same 503 error, my host must be using this same firewall software and with the next update the problem will disappear?
@Sparkey Just ask your web host to whitelist
/wp-admin/security.php under Imunify360 Firewall Proactive Defense mode.
You can do it yourself if you are game, I did.
Imunify360 will update their settings globally eventually.
Since I am not using the security tab for anything, I think I will watch and see how long before it starts working again on its own.
I checked another CP install that I have on a different host (maybe GoDaddy?) and I did not get an error there.
I am thinking about installing some plugins that use it, I saw the Blunt Force Login plugin, I don’t know if there are any others on the Directory using the security tab. I have a site on WP 4.9 that I am using “Login LockDown 1.7.1” and " WPS Hide Login 1.4.5" with.
Thank you for the response and the update
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.