How to enable “view details” of plugins on subsites of wordpress multisites



Our mulitsites are running with Easyengine v3.

I already enabled both “theme editor and plugin editor” by set: define( 'DISALLOW_FILE_EDIT', false ); in wp-config.php.

both of these editors works ONLY on NETWORK dashboard:

But, on subsite, when I click “view details” of installed plugins , it just show:” refused to connect, please check the screenshot:

That means I can not view details of plugins on a subsite.

But, I am sure my account is supper administrator with the capibility of network plugin management as the screenshot:

Is that wordpress multisite default setting? if yes, anyway to “view details” of plugins on a subsite?

If not, what did I misconfigured please?

Great thanks, and have a nice day.



Hello All,

According to this post:

this issue is related to X-Frame-Options: sameorigin setting.

and here are two post tutorials upon setting in wp-config.php for wordpress and Nginx:

So I tried header('X-Frame-Options: SAMEORIGIN');in wp-config.php and add_header X-Frame-Options "SAMEORIGIN"; in nginx.conf, but still do not work.

As mentioned by the supporter of at

Make sure you add it inside the correct server block. If you are serving your content over HTTPS make sure it’s inside the 443 block. Otherwise it needs to be inside the 80 block.

and here is what I find about the port 443:

root@101:~# sudo grep -R “443” /etc/nginx/
/etc/nginx/sites-available/default: # listen 443 ssl default_server;
/etc/nginx/sites-available/default: # listen [::]:443 ssl default_server;
/etc/nginx/sites-enabled/default: # listen 443 ssl default_server;
/etc/nginx/sites-enabled/default: # listen [::]:443 ssl default_server;

but both of 443 are commented as the screenshot:

By the way, Easyengine V3 are running on our server now.

@virtubox @ashishdungdung would you please help?

Thanks in advance.


Even I commented all of the security rules, the issue will still be there:

##Common headers for security
# more_set_headers "X-Frame-Options : SAMEORIGIN";
# more_set_headers "X-Xss-Protection : 1; mode=block";
# more_set_headers "X-Content-Type-Options : nosniff";
# more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";

support here are expected, thanks