littlebizzy / slickstack

Lightning-fast WordPress on Nginx
https://slickstack.io
GNU General Public License v3.0
624 stars 113 forks

Why deny /wp-admin/load-styles.php and /wp-admin/load-scripts.php? #205

Closed joshfester closed 10 months ago

joshfester commented 10 months ago

I am unable to use SlickStack directly in a project because it's on CentOS, so I am copying config files for nginx/php. After getting it running, I ran into an issue where no styles or scripts get loaded in /wp-admin.

The nginx configuration denies access to both /wp-admin/load-scripts.php and /wp-admin/load-styles.php. I'm just curious what is the reasoning for this? Should I be loading these in a different way? Or perhaps this is related to Cloudflare config, which I also can't use in this project.

I can solve it by allowing the two files, but I'd rather do this the SlickStack way if I can. Thanks!

joshfester commented 10 months ago

Should've kept digging first. This needs to be set:

define('CONCATENATE_SCRIPTS', false);

jessuppi commented 10 months ago

@joshfester Yes, they can be used for DDoS attacks and such:

Ref: https://www.bjornjohansen.com/load-scripts-php

If you are using the SlickStack wp-config.php boilerplate it should disable concatenation by default, meaning these scripts can be safely "denied" access for better security (and WP Admin stability too):

Ref: https://github.com/littlebizzy/slickstack/blob/master/modules/wordpress/wp-config-production.txt
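The point of the answer above is that the nginx deny and the wp-config setting have to go together: both loader endpoints build a concatenated bundle of whatever script or style handles the (unauthenticated) request lists, which is why they are a cheap way to burn server CPU, but if nginx blocks them while WordPress is still told to concatenate, WP Admin renders with no CSS or JS (the symptom in the opening post). The script below is an added example, not SlickStack's own code: it checks a given nginx config and wp-config.php for both halves of that setup and reports which half is missing. It assumes the loader endpoints are denied with explicit `location` blocks that spell out the file names (SlickStack's actual config may use a regex location, in which case the pattern matching in `nginx_denies` needs adjusting), and the sample configs it creates are constructed for a stand-alone run.

```shell
#!/bin/sh
# Added example (not part of SlickStack): verify that nginx denies the two
# wp-admin loader endpoints AND that wp-config.php disables concatenation.
# Denying one without the other either leaves the DoS surface open or breaks
# WP Admin styling.

# nginx_denies CONF FILE: succeeds when CONF has a location block that names
# FILE (e.g. load-scripts.php) literally and contains "deny all".
# Assumption: blocks are written with the file name spelled out, not as a regex.
nginx_denies() {
    awk -v f="$2" '
        /location/ { blk = ""; inb = 1 }
        inb {
            blk = blk "\n" $0
            if (index($0, "}")) {
                if (index(blk, f) && blk ~ /deny[ \t]+all/) found = 1
                inb = 0
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# concat_disabled WPCONFIG: succeeds when an uncommented
# define('CONCATENATE_SCRIPTS', false) is present (single or double quotes,
# loose spacing). Comment lines (//, #, *) are dropped first so a commented-out
# define does not count.
concat_disabled() {
    grep -Ev '^[[:space:]]*(//|#|\*)' "$1" |
    grep -Eq "define[[:space:]]*\([[:space:]]*['\"]CONCATENATE_SCRIPTS['\"][[:space:]]*,[[:space:]]*[Ff][Aa][Ll][Ss][Ee][[:space:]]*\)"
}

# check_site CONF WPCONFIG: prints one verdict token and always returns 0:
#   consistent      both loaders denied and concatenation off (the SlickStack way)
#   concat-still-on loaders denied but CONCATENATE_SCRIPTS not false: WP Admin
#                   will load no CSS/JS, exactly the symptom in the issue
#   not-denied      nginx is not denying one or both loader endpoints
check_site() {
    if nginx_denies "$1" load-scripts.php && nginx_denies "$1" load-styles.php; then
        if concat_disabled "$2"; then echo consistent; else echo concat-still-on; fi
    else
        echo not-denied
    fi
    return 0
}

# --- constructed sample files (assumed shapes, not SlickStack's real files) ---
DEMO_DIR=$(mktemp -d)

cat > "$DEMO_DIR/good.conf" <<'EOF'
location = /wp-admin/load-scripts.php { deny all; }
location = /wp-admin/load-styles.php  { deny all; }
location ~ \.php$ { fastcgi_pass unix:/run/php/php-fpm.sock; }
EOF

cat > "$DEMO_DIR/bad.conf" <<'EOF'
location ~ \.php$ { fastcgi_pass unix:/run/php/php-fpm.sock; }
EOF

cat > "$DEMO_DIR/good-wp-config.php" <<'EOF'
<?php
define( 'CONCATENATE_SCRIPTS', false );
define('WP_DEBUG', false);
EOF

cat > "$DEMO_DIR/bad-wp-config.php" <<'EOF'
<?php
// define('CONCATENATE_SCRIPTS', false);   commented out, so it does not apply
define('WP_DEBUG', false);
EOF

# Run the three combinations the thread is about.
echo "deny + concat off : $(check_site "$DEMO_DIR/good.conf" "$DEMO_DIR/good-wp-config.php")"
echo "deny + concat on  : $(check_site "$DEMO_DIR/good.conf" "$DEMO_DIR/bad-wp-config.php")"
echo "no deny           : $(check_site "$DEMO_DIR/bad.conf"  "$DEMO_DIR/good-wp-config.php")"
```

Point it at a real install with `check_site /etc/nginx/sites-enabled/site.conf /var/www/html/wp-config.php`; a `concat-still-on` verdict is the case from the opening post, and the fix is the `define('CONCATENATE_SCRIPTS', false);` line rather than re-allowing the two files.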

joshfester commented 10 months ago

Thanks so much @jessuppi, that makes perfect sense!