I'm currently trying to migration my multisite wordpress installation from ionos to aws.
On ionos, I have a single ubuntu server with plesk, nginx, apache, php 7.2.28, letsencrypt and mariadb.
On AWS, I have an ELB (doing the ssl termination), an amazon linux 2 (based on centos) instance with apache / php 7.2.34 / wordpress and another instance for mariadb.
I took a DB dump from production and restored it (untouched) on this new environment (same domain as production, accessed locally by modifying the /etc/hosts file).
I copied our wordpress codebase from production, modified the apache config file to fit the new folder structure and modified wp-config to reach the new DB instance and to stop forcing the ssl redirection.
The landing page works, I can access the website and the public pages, but when I try to login, it says permission denied ("Sorry, you are not allowed to access this page.").
It seems like the authentication works because I can see the admin-bar on top of the homepage. When I try to access a page inside the wp-admin, I get the aforementionned error.
While debugging the code, I found out that the global $current_user has an ID of 0 when accessed from the function user_can_access_admin_page.
Here are the debugging details with the attempt to access the https://mydomain.tld/wp-admin/widgets.php page:
- The error is thrown by menu.php (https://github.com/WordPress/WordPress/blob/master/wp-admin/includes/menu.php#L350) because
user_can_access_admin_pagereturns false. - Inside the
user_can_access_admin_pagefunction (https://github.com/WordPress/WordPress/blob/efaa79d347fbac1f9c4d1bc0494ec809b43e7042/wp-admin/includes/plugin.php#L2094), the current_user_can function is called, which itself calls thewp_get_current_userfunction which tries to retrieve the user from the global variable $current_user. - Unfortunately, this variable doesn't contain the details about my current user (the $current_user->ID is set to 0 as if I'm not logged-in). On the homepage, I can see the admin-bar with my username at the top of the page (which means that I am indeed logged in).
What's weird is that it works on production and I can't understand what's different between these two environments. Like I said, DB is exactly the same, codebase is the same, the only change I made is adding the following code at the bottom of wp-config to deal with ssl termination properly
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
phpinfo() shows that both servers have the same libraries installed.
I thought that the issue could be due to a different key/salt in wp-config than the one used to store the encrypted passwords, but they are the same as the one on production.
I've read the the global $current_user can be 0 if the init hook is not finished, but I doubt this is the case:
- it works on production
- this is part of the wordpress standard codebase
I've checked the permission for my user in the DB: it is a superadmin, has the level 10 with manage-network capabilities (and like I said, it's the same DB as prod, where it works fine)
I checked the file/folder permissions and they seem fine.
