Theme making direct ajax calls to theme folder

admin管理员组

文章数量:1130349

So, I'm using a wordpress theme (unfortunately, I'm not able to get support for the theme any longer), and it has a contact form that makes a direct ajax call to a php file in the theme's "includes" folder. However, all ajax calls to this file result in a 404 error. As a result, the contact form is not able to successfully post messages.

What server setting is most likely responsible for restricting public access to php files in the themes folder?

So, I'm using a wordpress theme (unfortunately, I'm not able to get support for the theme any longer), and it has a contact form that makes a direct ajax call to a php file in the theme's "includes" folder. However, all ajax calls to this file result in a 404 error. As a result, the contact form is not able to successfully post messages.

What server setting is most likely responsible for restricting public access to php files in the themes folder?

• themes
• ajax
• 404-error

Share Improve this question asked Dec 3, 2018 at 5:18 objectiveseaobjectivesea 4922 bronze badges 7

• Permissions usually. Have you checked permissions on that directory and file? – Nathaniel Flick Commented Dec 7, 2018 at 3:02
• 1 What happens when you access the URL of the file directly from your browser? What do the error logs for your server say? Conventionally speaking, your form should be funneling ajax calls through the wp_ajax_ hooks. If you're in some type of shared hosting environment, there's a solid chance this file contains a vulnerability that the hosting provider has restricted access to. Most likely the easiest solution would be to replace the form with something new. – Lawrence Johnson Commented Dec 7, 2018 at 6:34
• Could you just change the contact form? – Krzysiek Dróżdż Commented Dec 7, 2018 at 8:21
• Did you check if the files are present in the location. Moreover there seems to be minor issues in url can you please share screenshot for the same. – Pratik bhatt Commented Dec 11, 2018 at 7:21
• @LawrenceJohnson, When the URL is accessed directly, the theme's 404 page is displayed. – objectivesea Commented Dec 15, 2018 at 0:06

 |  Show 2 more comments

2 Answers 2

Sorted by: Reset to default 0

server setting that most likely responsible for restricting public access to the php files :

1. Permission (try to set chmod 774 for the php file)
2. .htaccess (try to add rewrite rule for that php file)

maybe i'm wrong but it worth a try.

Are you sure it is not wrong URL/path issue? Double check it.

Chances are that server settings that are "most likely responsible for restricting public access to php files in the themes folder" are placed in .htaccess file, either in www-root directory or other location (for example, .htaccess file may be in the wp-content directory). There are also chances that the directive is specified in apache's vhost file for specific vhost.

The directive may look like:

<Files *.php>
deny from all
</Files>

which would produce 403 Forbidden, not "404 Not found". So, again, double check URL of that file. 404 Not found is rarely any other thing than exactly what it says - no resource existing for URL.

Apart from all this, you should note that hitting specific .php file in themes directory for any reason is considered to be bad practice - all that you need is already present in Wordpress API. Smart guys that made it has thought of ajax and made the means of using it right the right way available.

So, I'm using a wordpress theme (unfortunately, I'm not able to get support for the theme any longer), and it has a contact form that makes a direct ajax call to a php file in the theme's "includes" folder. However, all ajax calls to this file result in a 404 error. As a result, the contact form is not able to successfully post messages.

What server setting is most likely responsible for restricting public access to php files in the themes folder?

So, I'm using a wordpress theme (unfortunately, I'm not able to get support for the theme any longer), and it has a contact form that makes a direct ajax call to a php file in the theme's "includes" folder. However, all ajax calls to this file result in a 404 error. As a result, the contact form is not able to successfully post messages.

What server setting is most likely responsible for restricting public access to php files in the themes folder?

• themes
• ajax
• 404-error

Share Improve this question asked Dec 3, 2018 at 5:18 objectiveseaobjectivesea 4922 bronze badges 7

• Permissions usually. Have you checked permissions on that directory and file? – Nathaniel Flick Commented Dec 7, 2018 at 3:02
• 1 What happens when you access the URL of the file directly from your browser? What do the error logs for your server say? Conventionally speaking, your form should be funneling ajax calls through the wp_ajax_ hooks. If you're in some type of shared hosting environment, there's a solid chance this file contains a vulnerability that the hosting provider has restricted access to. Most likely the easiest solution would be to replace the form with something new. – Lawrence Johnson Commented Dec 7, 2018 at 6:34
• Could you just change the contact form? – Krzysiek Dróżdż Commented Dec 7, 2018 at 8:21
• Did you check if the files are present in the location. Moreover there seems to be minor issues in url can you please share screenshot for the same. – Pratik bhatt Commented Dec 11, 2018 at 7:21
• @LawrenceJohnson, When the URL is accessed directly, the theme's 404 page is displayed. – objectivesea Commented Dec 15, 2018 at 0:06

 |  Show 2 more comments

2 Answers 2

Sorted by: Reset to default 0

server setting that most likely responsible for restricting public access to the php files :

1. Permission (try to set chmod 774 for the php file)
2. .htaccess (try to add rewrite rule for that php file)

maybe i'm wrong but it worth a try.

Are you sure it is not wrong URL/path issue? Double check it.

Chances are that server settings that are "most likely responsible for restricting public access to php files in the themes folder" are placed in .htaccess file, either in www-root directory or other location (for example, .htaccess file may be in the wp-content directory). There are also chances that the directive is specified in apache's vhost file for specific vhost.

The directive may look like:

<Files *.php>
deny from all
</Files>

which would produce 403 Forbidden, not "404 Not found". So, again, double check URL of that file. 404 Not found is rarely any other thing than exactly what it says - no resource existing for URL.

Apart from all this, you should note that hitting specific .php file in themes directory for any reason is considered to be bad practice - all that you need is already present in Wordpress API. Smart guys that made it has thought of ajax and made the means of using it right the right way available.

本文标签： Theme making direct ajax calls to theme folder