Resolving WordPress Issues on ConoHa Wing

ConoHa Wing is a cloud hosting platform that’s perfect for hosting a WordPress site. With its user-friendly interface, packed with features, and excellent customer support, ConoHa Wing makes it easy to set up and manage your WordPress website. In this post, I’ll share my experience troubleshooting some common issues with WordPress on ConoHa Wing, including permalink settings, the Gutenberg editor, and the theme editor. Whether you’re a beginner or an experienced user, you’ll find some helpful tips and solutions in this post.

ConoHa tries to protect their users from overseas attack.

They implement a system of restrictions for non-Japanese IP addresses, limiting access to certain content or features on their website. This practice can be beneficial for several reasons, including protecting against potential cyber attacks from outside Japan that could compromise the security of the website and potentially lead to the loss of sensitive data or financial damage. However, for individuals like myself who are not living in Japan, these restrictions are ineffective and can even prevent access to basic features on my own website.

403 when visiting the admin panel for the first time.

As mentioned, this issue arises because ConoHa Wing automatically restricts access to the WordPress admin panel for non-Japanese IP addresses. To modify this setting, we must go to the “サイト管理” (site management) section on the left side of the page, click on “サイトセキュリティー” (site security), and then navigate to the “WordPress セキュリティー” (WordPress security) section. From here, we can adjust the settings to allow or restrict access to the admin panel for overseas users.

You will be greeted by the interface below:

A screenshot of the ConoHa Wing WordPress security page.

Here is a summary of the third section:

  • Overseas access restrictions
    • Dashboard
    • REST-API
    • wlwmanifest.xml

Notice how the option is set to on for dashboard? Turn it off and you should be good to go.

The response is not a valid JSON response.

When using the permalink settings in WordPress, you may encounter an error when attempting to edit a post, such as saving a draft or uploading an image. This error may appear as a notification, preventing you from making changes to the post.

The error you may see when uploading an image.

The new WordPress Gutenberg editor utilizes the REST API to enable seamless updates to posts. This allows for a more efficient editing experience. However, ConoHa has disabled overseas access to the REST API by default. To restore access, you will need to navigate to the “WordPress セキュリティー” (WordPress security) section and turn off the restriction for overseas access to the REST API. This will allow you to continue using the Gutenberg editor without any interruptions.

Other settings for overseas restrictions.

ConoHa also allows users to restrict access to the XML-RPC API and the wlwmanifest.xml file on their WordPress website. The XML-RPC API allows WordPress to communicate and interact with other applications and services, enabling features such as remote publishing and post editing. The wlwmanifest.xml file, on the other hand, contains information about the WordPress website that is used by the Windows Live Writer application to connect to the site and enable features for writing and publishing posts. You can enable or disable these restrictions based on your use case.

Comment restrictions.

You can also set up comment restrictions on the second section in ConoHa’s WordPress security page.

  • Comment restrictions
    • Spam comment/traceback
    • Overseas comment/traceback

As I have friends living outside of Japan, I will turn off this option to allow them to comment on my posts.

You may have permalink issues, too.

If you encounter issues with the permalink settings on your new WordPress site, such as your settings not being preserved upon reload or 404 errors when clicking on a post, you can try manually editing the site’s .htaccess file. This file contains the server-side configuration for your website, and editing it can help resolve issues with the permalink settings. To edit the .htaccess file, you can navigate to the “サイト管理” (site management) section on the left side of the page, click on “サイト設定” (site settings), and then navigate to the “応用設定” (application settings) section. From here, you will be able to access and edit the .htaccess file to make the necessary changes.

The following is the content of the file that worked for me.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

The firewall is protecting the site, but it also locks you out.

If you use the WordPress official theme, you will have access to their beta site editor, which allows you to easily customize the layout of your website. However, after you have completed your edits, you may encounter an error when trying to save your changes.

By the way, this is the most useless error message I’ve ever seen.

This error is actually caused by ConoHa’s built in firewall, WAF. If you navigate to the “サイト管理” (site management) section on the left side of the page, click on “サイトセキュリティー” (site security), and then navigate to the “WAF” section, you will probably see a list of blocked requests.

A screenshot showing WAF settings and its log in ConoHa Wing. The right most column shows why the request was blocked. In English, “クロスサイトスクリプティングの試みの可能性” means “the potential for cross-site scripting (XSS) attempt.”

XSS is a type of cyber attack that involves injecting malicious code into a website to execute unauthorized actions on the victim’s behalf. The WordPress Editor triggers the WAF is probably because it fails to properly sanitize user-supplied input. When a system or application does not properly filter or cleanse user-supplied input, it can be vulnerable to attacks such as SQL injection or XSS. These attacks allow an attacker to inject malicious code or commands into the input data, causing the system or application to execute them. In the mean time, you can press the “除外” button to ignore the problem.

When you finish editing your theme, you can go to “表示切替” -> “除外中” and press “除外解除” to stop ignoring the problem.

Final thoughts.

It is clear that ConoHa is dedicated to protecting its users from attacks. However, some features may interfere with your daily use.

I hope this post can help solve some of the issues you may have encountered when you first set up your WordPress site on ConoHa.




Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.