Disabled execution of PHP scripts causes issue with wc

Hi there,

> Is it possible that “Forbid execution of PHP scripts in the wp-content/uploads directory” can cause the following issue regarding Woocommerce finally even creating an internal server error 500?

I don’t think so, I would suspect an Apache configuration for this. You can try and edit your .htaccess in order to allow access.
For example via: https://support.plesk.com/hc/en-us/articles/115001050013-Website-is-not-accessible-403-Forbidden-AH01797-client-denied-by-server-configuration

Backup your files prior to editing them.

Kind regards,

@conschneider

I had a look at the plesk-support site you mentioned. I then logged in my plesk account to Apache & nginx Settings > Additional HTTP directives.
However, the dashboard there looks different and all possible settings to be made are set to “standard”.
But as far as I know my server host implements all security settings like ?forbid execution of php scripts“ directly on the server.
So could this still be the reason why I encountered the issues mentioned?

Hi there,

> But as far as I know my server host implements all security settings like ?forbid execution of php scripts“ directly on the server.
So could this still be the reason why I encountered the issues mentioned?

Maybe. It is a bit hard to tell without looking at this in it’s entirety.

The error you get: 403 GET /wp-content/uploads/woocommerce_uploads/ what you are trying to do when this occurs? Are you trying to load the contents of the folder woocommerce_uploads?

Kind regards,

@conschneider

This happened when I wanted to update woocommerce to the latest version available.

Hi again,

This happened when I wanted to update woocommerce to the latest version available.

The first thing I would try is to setup a staging on the same server and then try the update there to see if it works.

As an alternative: Since an update is a brief event, maybe your hosting provider can disable the server directive so you can try the update without again to see if that helps.

Kind regards,

@conschneider

I have now a staging site on the same server.
Php sript execution is disabled.

The update now worked.
However, the following error messages seem to be regular behaviour while updating wc since there is a .htaccess file in the woocommerce_uplaods that says “deny from all”:

Error 80.74.152.100 403 GET/wp-content/uploads/woocommerce_uploads/HTTP71.0

Error 80.74.152.100 401 POST /wp-cron.php?doing_wp_cron=1623228467.7074470520019531250000 HTTP/1.0

Error 80.74.152.100 AH01797: client denied by server configuration: /home/httpd/vhosts/xxxxxxx/wp-content/uploads/woocommerce_uploads/, referer: https:xxxxxx/wp-content/uploads/woocommerce_uploads/`

Can you confirm that?

Hi there,

However, the following error messages seem to be regular behaviour while updating wc since there is a .htaccess file in the woocommerce_uplaods that says “deny from all”:

I think I can now. From what I see currently, this is expected behaviour.

/wp-content/uploads/woocommerce_uploads/ is for protected uploads i.e. WooCommerce Subscriptions downloads that must not be available to the public. That is why deny from all .htaccess is in place.

Kind regards,

@conschneider

Thanks for confirming.