404 error on existing file.


My wordpress will not load my child theme custom_css.php file.

If you visit the site i'm setting up (oskillator.com) you will see 2 errors.

https://oskillator.com/wp-content/themes/eprom_1_5_5/includes/child_css.php?ver=4.7.2 Failed to load resource: the server responded with a status of 404 (Not Found)
https://oskillator.com/wp-content/themes/eprom_1_5_5/includes/custom_css.php?ver=1.0.0 Failed to load resource: the server responded with a status of 404 (Not Found)

this happens on all pages of my site.

If you go to oskillator.com -> theme settings there is a customization section. None of the customizations appear due to this 404 problem. WP can't find the css file... (though it exists on the ftp!)

let me know if there's any more info you require...thanks!

  • James Morris

    Hello Patrick,

    I hope you are well today. Thank you for having Support Staff Login enabled so I could check your site for you.

    I'm not seeing anything that is standing out that might be causing the issue.

    In order to help you better with your issue, would you please grant me access to your site and server?

    Please visit the Contact page and complete the form with the following information:

    Subject: "Attn: James Morris"

    In the Message box, please provide the following:

    - link back to this thread for reference
    - any other relevant urls

    - Admin login:
    Admin username
    Admin password
    Login url

    - Hosting Control Panel Login
    Admin username
    Admin password
    Login url

    - FTP credentials
    (and port if required)

    Best regards,

    James Morris

  • Patrick

    looks like WP Defender was the culprit...here's what my hosting guy said.


    Clayton F
    You had an .htaccess in wp-content that was denying from all for php files.
    1:13:28 PM
    Clayton F
    I renamed it to test and it sounds like that must have worked.
    1:14:24 PM
    Patrick Dunn
    weird....can you copy paste the original and the edited item?
    1:14:56 PM
    Clayton F
    I didn't edit anything within the file, I just renamed it to .htaccess.bak. These are the lines:

    ## WP Defender - Prevent PHP Execution ##
    <Files *.php>
    Order allow,deny
    Deny from all
    ## WP Defender - End ##
    1:15:36 PM
    Patrick Dunn
    1:15:46 PM
    Patrick Dunn
    1:16:56 PM
    Clayton F
    So wp-content/.htaccess to wp-content/.htaccess.bak
    1:18:28 PM
    Clayton F
    It looks like it was created by that plugin, so it's possible that it may generate a new .htaccess file there at a later time.

  • Hoang Ngo


    That's because the rule Prevent PHP Execution get applied. That rules only allow core files get access directly by web browser or another application, extra file inside wp-content will get denied if access.

    This is for the case if some one successful upload a shell script inside wp-content, those htaccess will prevent the script get executed.

    You can turn off the hardener rule by go to Defender->Hardener->Prevent PHP Execution, click on Revert button, however, it seems already off :slight_smile:

    If you want to use this, then you can ignore your file by go to wp-content/.htaccess, and add this

    <Files child_css.php>
    Allow from all
    <Files custom_css.php>
    Allow from all

    If you have any additional issues, please let us know and we'll be happy to help.

    Best regards,

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.