[Defender Pro] Allow PHP Execution in Defender

Hi! I implemented the 'disable PHP Execution' option in Defender and I think it has broken updating pages in Elementor… how do you re-enable it??

  • Ohidul Islam
    • Staff

    Hi Matthew,

    Thank you for coming to our support, hope you are doing great today!

    To replicate this issue, I have disabled PHP Execution in my test site too but I can smoothly create/update Elementor pages. I can not replicate this issue on my end. I think there’s some other issue responsible for broken updating pages in Elementor.

    However, I would like to share the solution for re-enable PHP Execution with you.

    Would you please login to your file management system either via cPanel or FTP and go to /wp-content/ and /wp-includes/ directory of your WordPress installations. Then look for .htaccess file and delete them.

    Now you can see PHP Execution is enabled again. Please check the Elementor page update issue once again after enabling PHP Execution. Let’s see if things started working again for you.

    Please let me know if you have any questions.

    Kind regards,

    Ohid

  • Matthew Chambers
    • New Recruit

    Hi Ohid,

    Thanks for your response – those .htaccess files are not present yet the security tweaks page shows it as resolved. I should have been more specific – the 403 error only appears when updating a page that contains an Elementor form… which is odd!

    I’m looking at Defender as some of the technotes on this subject point to security plugins causing the issue (see https://docs.elementor.com/article/185-the-update-button-does-not-work).

    Not sure where to go next!?

    Matt

  • Ohidul Islam
    • Staff

    Hey Matt,

    Glad to hear back from you. Hope you are well today!

    Now I have a clear picture of the error code. Thanks for specifying this.

    As per documentation, Elementor says “403 error when attempting to update a page: This can be due to a security plugin.”. So we could run a plugin conflict test to check if there’s any issue with the security plugin.

    Would you please deactivate Defender Pro and if you have any other security plugin actively installed please deactivate them as well. Now try updating Elementor page and see if it works.

    If Elementor can updates the page now, it’s definitely means that it has a issue with the security plugins.

    Now try re-activating plugins one by one and do check every time Elementor page update works or not to find which plugin causing the issue.

    If the issue is still there, I would like to investigate this issue further on my own. And to do so, would you please grant Support access from WPMU DEV > Support > Support Access so we could access your WordPress admin and proceed with checking?

    Please let me know when you have did this, I will be waiting for your response.

    Best regards,

    Ohid

  • Louis Gouletas
    • New Recruit

    We have spent days researching this and found both MUdev and Elementor support unhelpful. However, we did find a solution on our own after a lot of trial and error. The issue is that Defender adds PHP restrictive code in the wp-includes folder’s .htaccess file that conflicts with Elementors’ core functionality. The steps below solved it for us:

    – Go to your FTP file manager where your WordPress instance is installed and find your “wp-includes” folder

    – Look for the .htaccess file in the “wp-includes” folder (there are multiples of that file in different folders so make sure you have the right one). If you cannot see the file, click “show hidden files” in your file manager settings.

    – Remove the following from the WP Defender section of the file:

    <Files *.php>

    Order allow,deny

    Deny from all

    </Files>

    So the file should go from looking something like this to that:

    <Files *.php>

    deny from all

    </Files>

    <Files wp-tinymce.php>

    allow from all

    </Files>

    <Files ms-files.php>

    allow from all

    </Files>

    ## WP Defender – Protect PHP Executed ##

    <Files *.php>

    Order allow,deny

    Deny from all

    </Files>

    <Files wp-tinymce.php>

    Allow from all

    </Files>

    <Files ms-files.php>

    Allow from all

    </Files>

    ## WP Defender – End ##

    <Files *.php>

    deny from all

    </Files>

    <Files wp-tinymce.php>

    allow from all

    </Files>

    <Files ms-files.php>

    allow from all

    </Files>

    ## WP Defender – Protect PHP Executed ##

    <Files wp-tinymce.php>

    Allow from all

    </Files>

    <Files ms-files.php>

    Allow from all

    </Files>

    ## WP Defender – End ##

    That worked for us and hope it works for you.

    Best,

    -LG

  • Ohidul Islam
    • Staff

    Hello Louis,

    Glad to hear back from you the issue is solved by now. It seems to me the same solution I posted at my first response.

    Quoted from my first response:

    Would you please login to your file management system either via cPanel or FTP and go to /wp-content/ and /wp-includes/ directory of your WordPress installations. Then look for .htaccess file and delete them.

    However, please let us know if there’s any more issue. We would be more than happy to help you.

    Kind regards

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.