Plugin Conflict – MainWP Dashboard

  • Resolved CGS Web Designs

    (@cgscomputers)


    5 months, 2 weeks ago

    I’ve discovered a conflict where this plugin causes an error for those running the MainWP Dashboard plugin. The error appears when you use the MainWP Dashboard to install a plugin via .zip file to a child site and states: PCLZIP_ERR_BAD_FORMAT (-10) : Unable to find End of Central Dir Record signature

    Disabling WPO365 resolves the error and allows plugins to be installed via .zip file. I spoke to MainWP support regarding this and they recommended reaching out here.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Marco van Wieren

    (@wpo365)

    Hi @cgscomputers

    Thank you for reaching out!

    It’s very well possible that WPO365 redirects a request that was initiated by MainWP Dashboard to install a plugin remotely to a child site to Microsoft. To work-around this, you must know the endpoint that MainWP Dashboard uses in the child site to upload the ZIP file e.g. /wp-json/mainwp/v1 or similar. Once you know the endpoint, you can add the path portion of that endpoint to the “List of pages freed from Authentication” on the plugin’s “Single Sign-on” configuration page.

    I had a quick look on their website and noticed that they advise to configure (security related solutions such as firewalls) to allow-list the IP address, but this option is not currently not available for WPO365.

    Hope this helps!

    -Marco

    Thread Starter CGS Web Designs

    (@cgscomputers)

    Hi @wpo365 thanks for responding so quickly. I spoke to the guys at MainWP and with their assistance I was able to come up with an entry on the “pages freed from authentication” section that works. That being said, I wanted to make sure I’m doing this as secure as possible so I wanted to ask an additional question. As it turns out, when installing via ZIP file, the child site reaches back to the MainWP Dashboard site to download the ZIP. When it does so, it reaches back via /wp-admin/admin.php?sig=xxxxx&mwpdl=yyyyy where sig= and mwpdl= will vary with every installation.

    As a result, I was able to use an entry for freed pages of “?sig=” which allows the plugins to be installed however, I wanted to know if there is a more strict entry that would work. I couldn’t find anything in your documentation about wildcards or regex being allowed here – I originally tried “?sig=*” and that resulted in failure (regex such as “?sig=.+&mwpdl=.+” also failed).

    Plugin Author Marco van Wieren

    (@wpo365)

    Hi @cgscomputers

    Sorry for my late response. I missed the question at the end!

    You can definitely add it as “/wp-admin/admin.php?sig=”. Maybe it is also possible to define a prefix for the sig value that is always the same and then you can at least add that as well. Or you can add all different signatures for all child sites, but obviously that is depending on the number of child sites.

    Hope this helps!

    -Marco

    Thread Starter CGS Web Designs

    (@cgscomputers)

    @wpo365 thanks for the reply – right now, the only option that is working is just using “?sig=”. Your suggesting won’t work because the plugin doesn’t allow anything that includes /wp-admin/ in the path (for obvious reasons). I am content with the solution I have for now.

    It is possible to use the unique chain – but I have over 40 child sites and that would be a lot of rules to manage & maintain (plus those chains do change occasionally).

    The good news is everything is working and I am good to go. Again, thanks for engaging here, I’m making good use of your SSO plugin and am very happy with it.

    Plugin Author Marco van Wieren

    (@wpo365)

    Thread closed according to user.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.