Resolved 403 forbidden error on Wordpress login

Status
Not open for further replies.

goplanetsdesign36

New Member
Prime Account
Messages
21
Reaction score
1
Points
3
Hello, suddenly I'm getting a 403 forbidden error when I try to go to wp-admin to login. The frontend of the site is working fine though. I haven't made any changes to either my hosting account or my Wordpress configuration to cause this. Any help would be much appreciated.
 

garrettroyce

Community Support
Community Support
Messages
5,611
Reaction score
249
Points
63
Can you check the file permissions? It should be 644 (owner read/write, everyone else read only).

Also check your error log file.
 

goplanetsdesign36

New Member
Prime Account
Messages
21
Reaction score
1
Points
3
On the wp-admin folder? The permissions are 755. The error log just has lines like this repeated:

2020-09-14 18:29:22.557659 [INFO] [1205003] [188.165.197.116:50511-3#APVH_www.planetsdesign.x10.mx] [ACL] Access to context [/wp-admin/] is denied!

The htaccess file in wp-admin has the following:

<FilesMatch ".*\.(phtml|php|PhP|php5|suspected)$">
Order Allow,Deny
Deny from all
</FilesMatch>
 

garrettroyce

Community Support
Community Support
Messages
5,611
Reaction score
249
Points
63
I think that .php should not be blocked. It's strange that it would be. If the file name is "index.php" then the FilesMatch would see
=> .* (file name starts with anything)
=> . (a literal "." character)
=> php (of the choices phtml|php...suspected, php matches)
=> $ (end of file name)

So it would block any file that is .php. I think it should be

Code:
<FilesMatch ".*\.(phtml|PhP|php5|suspected)$">
Order Allow,Deny
Deny from all
</FilesMatch>

I don't know why any of this is necessary, but I assume Wordpress has some theory on it.

Here's a regex tester you can play with to see the result:

https://regex101.com/r/NRQCnr/1
 

goplanetsdesign36

New Member
Prime Account
Messages
21
Reaction score
1
Points
3
I swapped it out, but unfortunately it's giving me the same error. Should I edit the htaccess in public_html as well? It looks like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
<FilesMatch ".*\.(phtml|php|PhP|php5|suspected)$">
Order Allow,Deny
Deny from all
</FilesMatch>
<FilesMatch "(index).php$">
Order Allow,Deny
Allow from all
</FilesMatch>
 

garrettroyce

Community Support
Community Support
Messages
5,611
Reaction score
249
Points
63
My bad, one more line needs to be changed

Code:
<FilesMatch ".*\.(phtml|PhP|php5|suspected)$">
Order Allow,Deny
</FilesMatch>[code]
 

garrettroyce

Community Support
Community Support
Messages
5,611
Reaction score
249
Points
63
Hm. Maybe this:

Code:
<FilesMatch ".*\.(phtml|php5|suspected)$">
Order Allow,Deny
</FilesMatch>
 

goplanetsdesign36

New Member
Prime Account
Messages
21
Reaction score
1
Points
3
To be clear, should I be changing just the htaccess within wp-admin, or the public_html one, or both?
 

garrettroyce

Community Support
Community Support
Messages
5,611
Reaction score
249
Points
63
just wp-admin. The main .htaccess in public_html has RewriteRules to make pretty URL formatting work. There could be some stuff in there that would make this not work as well. So maybe that needs to be investigated as well.
 

goplanetsdesign36

New Member
Prime Account
Messages
21
Reaction score
1
Points
3
Is it possible that it's some sort of issue with the php version on the server? I didn't make any changes to wordpress or my hosting when this happened.
 

garrettroyce

Community Support
Community Support
Messages
5,611
Reaction score
249
Points
63
.haccess is specific to the webserver and not PHP

Temporarily rename ~/domains/your_domain_name/.htaccess and also ~/domains/your_domain_name/wp-admin/.htaccess and see if that helps. You can do something like old.htaccess and it will work

If it doesn't work, please post your error logs
 

garrettroyce

Community Support
Community Support
Messages
5,611
Reaction score
249
Points
63
Ok, restore ~/domains/your_domain_name/.htaccess from what you named it. Leave .../wp-admin alone

If that doesn't work, please post ~/domains/your_domain_name/.htaccess and also the last few lines of your error log
 

garrettroyce

Community Support
Community Support
Messages
5,611
Reaction score
249
Points
63
Here's the default .htaccess for Wordpress https://wordpress.org/support/article/htaccess/

Code:
# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Anything else isn't necessary and could potentially cause problems. You only need this if you have the pretty url formatting turned on. Eq, http://your-site.example/index.php?q=some-link would be pretty formatted as http://your-site.example/some-link
 
Status
Not open for further replies.
Top