Defender tweaks blocks access in subsites

I am getting multiple console errors saying:
"not allowed by access-control-allow-origin"
in subsites that are mapped to a custom domain name.
Please help me to fix this via applying appropriate Defender security tweaks

  • Nastia
    • Ex Staff

    Hello Mr Right Now

    I trust you’re doing well!

    The message, it is a CORS policy. I’m afraid the Defender plugin doesn’t apply CORS policy.

    If your server is Apache, please access your site’s folders via FTP and locate a .htaccess file, amongst folders like wp-content, wp-admin, and wp-config.php file.

    Edit the .htacess file and manually add the following lines at the bottom of a file

    <FilesMatch ".(eot|otf|ttf|woff|woff2)">
        Header always set Access-Control-Allow-Origin "*"
    </FilesMatch>

    If your server is on NGNIX, please add the following lines to a virtual config server file and restart the server after

    location ~* \.(eot|otf|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
    }

    Let us know how it went!

    Kind regards,
    Nastia