Jump to content

Wordpress help

Recommended Posts

I just installed wordpress on a site.

When I navigate to the dashboard (http://address.com/wp-admin/) The browser is served up with a php code page like so...

 * Dashboard Administration Screen
 * @package WordPress
 * @subpackage Administration

/** Load WordPress Bootstrap */
require_once( dirname( __FILE__ ) . '/admin.php' );

/** Load WordPress dashboard API */
require_once(ABSPATH . 'wp-admin/includes/dashboard.php');


wp_enqueue_script( 'dashboard' );
if ( current_user_can( 'edit_theme_options' ) )
    wp_enqueue_script( 'customize-loader' );
if ( current_user_can( 'install_plugins' ) )
    wp_enqueue_script( 'plugin-install' );
if ( current_user_can( 'upload_files' ) )
    wp_enqueue_script( 'media-upload' );


Anyone ever seen this, and know how to fix it?

Share this post

Link to post
Share on other sites

Never mind.

I was having trouble installing a theme, and a possible solution I found through a web search said to add this to htaccess file

"AddType x-mapp-php5 .php"

It never worked, but page loads normally after removing that line.

Share this post

Link to post
Share on other sites

You're dealing with a misconfiguration of Apache and PHP. Normally your hosting provider does this proper for you, or provides instructions how you can do this yourself. I'd check the latter and if no instructions are provided, I'd email them and if the response is less than satisfactory, I honestly recommend changing hosting partner right away. It's a pain in the ass to work with poor hosting providers and any indication they are bad should be cause to immediately migrate.

Apache has to be told that .php files must be ran through PHP and the output of that interpreter will be the actual page. The way it works inside of Apache is it registers certain programs like PHP to handle specific file types. The way you have posted with using AddType sets the MIME type for .php files to one that Apache understands as needing PHP . PHP then changes the actual MIME type sent to the client to the appropriate type (text/html usually).

So what's wrong with the way you've done it now? Any .php in the file name will execute the file as a PHP file. If a malicious user uploads a file called image.php.png it will be executed as PHP. That's a security risk. It's also a pain to do this in the .htaccess file, it should be in the php.conf file (in httpd/conf.d/php.conf or something) so it is globally enabled in a safe way like this:

<FilesMatch \.php$>
    SetHandler application/x-httpd-php

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...