WPADMIN-SBR Forbidden 403 Accessing Admin

Home Forums BulletProof Security Pro WPADMIN-SBR Forbidden 403 Accessing Admin

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • November 9, 2015 at 2:32 pm #26075
    netvisibilitygroup
    Participant

    So I temporarily disabled wp-admin Folder BulletProof Mode and now can’t activate it. I get a 403 Forbidden page. I also am unable to run the setup wizard because I get the same 403 error immediately.  There is currently NO .htaccess file in wp-admin. I did try creating a blank one with 644 permissions but it didn’t work so I deleted it.  I also tried deactivating other plugins to no avail.  Here’s the last security log:

    [403 POST Request: November 9, 2015 - 2:30 pm]
Event Code: WPADMIN-SBR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 50.137.62.149
Host Name: c-50-137-62-149.hsd1.or.comcast.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: POST
HTTP_REFERER: http://new.netvisibilitygroup.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fcore%2Fcore.php
REQUEST_URI: /wp-admin/admin-ajax.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0
REQUEST BODY: interval=60&_nonce=fe0c0f76d3&action=heartbeat&screen_id=bulletproof-security%2Fadmin%2Fcore%2Fcore&has_focus=true

    Thank you!

    November 9, 2015 at 3:02 pm #26077
    netvisibilitygroup
    Participant

    No there’s nothing in the log showing another plugin being blocked. I’m getting the 403 forbidden error on just about everything including trying to add custom code, run the set up wizard, activate wp-admin protection etc. I’m dead in the water and don’t know how to proceed.

    November 9, 2015 at 3:33 pm #26078
    AITpro Admin
    Keymaster

    The problem you are describing is caused by an older version of the recent new POST Request Attack Protection Bonus Custom Code.  We created an automated fix for this problem in BPS Pro 11.4 when you upgrade to BPS Pro 11.4, but you can manually fix this by using FTP or your web host control panel file manager and delete these 2 files:  /wp-content/bps-backup/autorestore/root-files/auto_.htaccess and your BPS root htaccess file.  Then log into your site and add these 2 new lines highlighted in Yellow below to your POST Request Attack Protection Bonus Custom Code that is saved in BPS Custom Code, click the Save Root Custom Code button and do the rest of the Custom Code steps.

    # BPS POST Request Attack Protection
RewriteCond %{REQUEST_METHOD} POST [NC]
# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
# Whitelist the WordPress Theme Customizer
RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php
    November 9, 2015 at 4:10 pm #26084
    netvisibilitygroup
    Participant

    That did it! THANK YOU!

    November 9, 2015 at 4:20 pm #26085
    AITpro Admin
    Keymaster

    Great!  Thanks for confirming that worked.

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.