Defender WordPress Security, Malware Detection, and Firewall to block access to wp-includes: Internal error
Defender WordPress Security, Malware Detection, and Firewall to block access to wp-includes to avoid an internal error 500.
After installed a WP plugin called Defender and configured, we found out that it provoking access denied to wp-includes:
The script from “https://yourdomain.com/wp-includes/js/thickbox/thickbox.js?ver=3.1-20121105” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/dist/a11y.min.js?ver=2.5.1” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/wp-sanitize.min.js?ver=5.3.2” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/wp-auth-check.min.js?ver=5.3.2” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/heartbeat.min.js?ver=5.3.2” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/ui/draggable.min.js?ver=1.11.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.11.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/jquery/jquery.ui.touch-punch.js?ver=0.2.2” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/backbone.min.js?ver=1.4.0” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
plugins.php
The script from “https://yourdomain.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
1- Solution check inside the folder wp-includes for .htaccess file that is added by WP defender, you delete this file and try configure again o modify this file here is an example:
deny from all allow from all allow from all
## WP Defender - Protect PHP Executed ##
Order allow,deny
Deny from all
Allow from all
Allow from all
## WP Defender - End ##
