Resolving WordPress Issues on ConoHa Wing

ConoHa Wing is a cloud hosting platform that’s perfect for hosting a WordPress site. However, I have experienced some issues while setting up WordPress on this hosting platform. Here, I’ll share with you the issues I have encountered and my solution.

Overseas attack prevention.

ConoHa implemented a system of restrictions for non-Japanese IP addresses, limiting access to certain content or features on their website. This is beneficial for several reasons, including protecting against potential cyber-attacks from outside Japan that could compromise the security of the website and potentially lead to the loss of sensitive data. However, for individuals like me who lives outside of Japan, these restrictions prevent my own access to basic features on my own website.

403 when visiting the admin panel for the first time.

As mentioned, this issue arises because ConoHa Wing automatically restricts access to the WordPress admin panel for non-Japanese IP addresses. To modify this setting, we must go to the “サイト管理” (site management) section on the left side of the page, click on “サイトセキュリティー” (site security), and then navigate to the “WordPress セキュリティー” (WordPress security) section. As show below, we can adjust the settings to allow or restrict access to the admin panel for overseas users.

A screenshot of the ConoHa Wing WordPress security page.

Here is a summary of the third section:

  • Overseas access restrictions
    • Dashboard
    • REST-API
    • wlwmanifest.xml

To use the dashboard, you need to turn off the first option.

The response is not a valid JSON response.

When using the permalink settings in WordPress, you may encounter an error when attempting to edit a post, such as saving a draft or uploading an image. This error may appear as a notification, preventing you from making changes to the post.

The error you may see when uploading an image.

The new WordPress Gutenberg editor utilizes the REST API to enable seamless updates to posts. This allows for a more efficient editing experience. However, ConoHa has disabled overseas access to the REST API by default. To restore access, you will need to navigate to the “WordPress セキュリティー” (WordPress security) section and turn off the restriction for overseas access to the REST API. This will allow you to continue using the Gutenberg editor without any interruptions.

Other settings for overseas restrictions.

ConoHa also allows users to restrict access to the XML-RPC API and the wlwmanifest.xml file on their WordPress website. The XML-RPC API allows WordPress to communicate and interact with other applications and services, enabling features such as remote publishing and post editing. The wlwmanifest.xml file, on the other hand, contains information about the WordPress website that is used by the Windows Live Writer application to connect to the site and enable features for writing and publishing posts. You can enable or disable these restrictions based on your use case. Personally, I don’t use any tool that utilize these APIs, so I kept them off.

Comment restrictions.

You can also set up comment restrictions on the second section in ConoHa’s WordPress security page.

  • Comment restrictions
    • Spam comment/traceback
    • Overseas comment/traceback

As I have friends living outside of Japan, I will turn off this option to allow them to comment on my posts.

You may have permalink issues, too.

If you encounter issues with the permalink settings on your new WordPress site, such as your settings not being preserved upon reload or 404 errors when clicking on a post, you can try manually editing the site’s .htaccess file. This file contains the server-side configuration for your website, and editing it can help resolve issues with the permalink settings. To edit the .htaccess file, you can navigate to the “サイト管理” (site management) section on the left side of the page, click on “サイト設定” (site settings), and then navigate to the “応用設定” (application settings) section. From here, you will be able to access and edit the .htaccess file to make the necessary changes.

The following is the content of the file that worked for me.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

The firewall is protecting the site, but it also locks you out.

If you use the WordPress official theme, you will have access to their beta site editor, which allows you to easily customize the layout of your website. However, after you have completed your edits, you may encounter an error when trying to save your changes.

By the way, this is the most useless error message I’ve ever seen.

This error is actually caused by ConoHa’s built in firewall, WAF. If you navigate to the “サイト管理” (site management) section on the left side of the page, click on “サイトセキュリティー” (site security), and then navigate to the “WAF” section, you will probably see a list of blocked requests.

A screenshot showing WAF settings and its log in ConoHa Wing. The right most column shows why the request was blocked. In English, “クロスサイトスクリプティングの試みの可能性” means “the potential for cross-site scripting (XSS) attempt.”

XSS is a type of cyber attack that involves injecting malicious code into a website to execute unauthorized actions on the victim’s behalf. The WordPress Editor triggers the WAF is probably because it fails to properly sanitize user-supplied input. When a system or application does not properly filter or cleanse user-supplied input, it can be vulnerable to attacks such as SQL injection or XSS. These attacks allow an attacker to inject malicious code or commands into the input data, causing the system or application to execute them. In the mean time, you can press the “除外” button to ignore the problem.

When you finish editing your theme, you can go to “表示切替” -> “除外中” and press “除外解除” to stop ignoring the problem.

Final thoughts.

It is good that ConoHa is dedicated to protecting its users from attacks. However, some features may interfere with your daily use.

I hope this post can help solve some of the issues you may have encountered when you first set up your WordPress site on ConoHa.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.