WP-Admin is behaving weird

July 16, 2016 3.3k views
Nginx WordPress LEMP Let's Encrypt Ubuntu 16.04

Its a new wordpress install, i am using nginx with mysql, php-fpm on ubuntu 16.04 with letsencrypt ssl. so everything was working fine for half an hour then wordpress admin dashboard started behaving weird, i mean its not loading any css animation, i cant delete widgets and not able to edit anything.
Even if i go to add a new post everything is way off of their places.
look at the screenshot http://prntscr.com/btk7hx
Please let me know if you need any config details.

  • Does it show any errors on your web browser console or any 404 errors for any css/js files?
    I will also recommend clearing your web browser cache.

  • wow, lots of them here see the screenshot http://prntscr.com/btlcrm, there are lots of error showing in console, how to get rid of them, i know its a lot to ask as i am newbie just followed a few tutorial and got myself this far, but now needs some advice on how to remove these error.

  • Can you also include a screen shot of the network tab? Also do you have the same issue with other browsers?

  • as i was searching for the solution of this i found that add_header Content-Security-Policy is the issue i guess its that, so i decide to add this in /etc/nginx/sites-available/default file i’ve added this line now
    default-src ‘self’ https: data: 'unsafe-inline’ 'unsafe-eval’;
    so now i started to get this error
    nginx: [emerg] unexpected end of file, expecting “;” or “}” in /etc/nginx/sites-enabled/default:120
    nginx: configuration file /etc/nginx/nginx.conf test failed

    so i added } in line 120 but then i am getting this error again
    nginx: [emerg] unexpected end of file, expecting “;” or “}” in /etc/nginx/sites-enabled/default:121
    nginx: configuration file /etc/nginx/nginx.conf test failed

    and it goes so on.

  • So due to this i changed it back again as it was and here is the network tab screenshot http://prntscr.com/btm2zi by the way here’s the site url if you wants to see your self https://catloversareus.com/
    and here is my server block in /etc/nginx/sites-available/default file

    # Default server configuration
    server {
            listen 80;
            listen [::]:80;
            server_name catloversareus.com www.catloversareus.com;
            #return 301 https://$server_name$request_uri;
            # SSL configuration
            listen 443 ssl default_server;
            listen [::]:443 ssl default_server;
            server_name catloversareus.com www.catloversareus.com;
            ssl_protocols TLSv1.2;
            ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
            ssl_prefer_server_ciphers On;
            ssl_certificate /etc/letsencrypt/live/catloversareus.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/catloversareus.com/privkey.pem;
            ssl_trusted_certificate /etc/letsencrypt/live/catloversareus.com/chain.pem;
            ssl_session_cache shared:SSL:128m;
            add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-Xss-Protection "1";
           add_header Content-Security-Policy "default-src 'self'; script-src 'self' *.google-analytics.com";
            ssl_stapling on;
           ssl_stapling_verify on;
            # Your favorite resolver may be used instead of the Google one below
            #root /var/www/demo;
            index index.html index.php;
            if ($scheme = http) {
                    return 301 https://$server_name$request_uri;
            location = /favicon.ico { log_not_found off; access_log off; }
           location = /robots.txt { log_not_found off; access_log off; allow all; }
            location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
            expires max;
            log_not_found off;


  • Show 3 more comments
2 Answers

This question was answered by @josephsmith:

@BrookDO i had to remove this line

add_header Content-Security-Policy "default-src 'self'; script-src 'self' *.google-analytics.com";

i guess @MDS checked after i removed this, so it wasn’t showing any error, but before that i was getting error on both Firefox and chrome, i didn’t tested on any other browser.

View the original comment

This question was answered by @MDS:

I’m not seeing errors on your screen shot on my end, it can be one of your google chrome extensions. Do you have the same issue with other web browsers?

View the original comment

Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!