403 Error when logging out of website

[Adendum]

Hi,

I’m kind of stuck on this and scratching my head. I just installed BPS Free to overcome what I thought was an .htaccess issue I had somehow created but I don’t think it is or was now.

For a while I have been logging out and getting a 403 error. I only recently migrated a development site to a live server so had not taken this seriously until today. Anyway my plan was to install the mighty BPS and sort out the htaccess from there. But after the install – standard, no extras used – and I’ve activated and enabled all the htaccess options as I have before but logout still produces the 403.

So the next step was to deactivate all other plugins and try again. No change. I renamed the root htaccess and tried again with no change. Renamed the wp-admin htaccess also and same – 403. I’ve checked that my IP address isn’t blocked also.

I’d change themes to test this but I have the same theme and BPS together on my other site and that’s all working fine and anyway I had this issue before I installed BPS…so I have no idea what is causing the 403 error…and I appreciate that this isn’t a BPS problem but I don’t know where else to go to get the best advice. Any input appreciated.

EDIT: Love this forum – clever….and now I see in the BPS log an event code and a pointer to a forum post:-

[403 GET / HEAD Request: August 27, 2014 - 2:55 pm]
Event Code: WPADMIN-SBR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 109.156.15.91
Host Name: host109-156-15-91.range109-156.btcentralplus.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://DOMAINCHANGED.com/wp-admin/index.php
REQUEST_URI: /wp-login.php?action=logout&_wpnonce=4cc51208bf
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0

But…..forgive my ignorance……….I have no idea what I am meant to be doing now that I know I have this event happening? Easy fix ? But how

[AITpro Admin]

Since this is not a BPS plugin issue/problem then do the standard WordPress troubleshooting steps below.  Unfortunately, the Security Log entry does not tell you what could be causing the 403 error or problem and is only logging that a 403 error is occurring.  BPS logs all 403 errors on a website.

“…anyway I had this issue before I installed BPS…so I have no idea what is causing the 403 error…and I appreciate that this isn’t a BPS problem but I don’t know where else to go to get the best advice. Any input appreciated…”

Deactivate all of your plugins and switch your theme and resave your WordPress Permalinks and reinstall WordPress on the WordPress Updates page. One of these things should correct the problem.  And then you can take it from there if the problem is still occurring and isolate exactly which thing that is.

[Adendum]

Many thanks for taking the time – particularly as this has nothing to do with BPS!!!!!

I have followed the advice – I have

1. deactivated all plugins
2. switched theme to the standard 2014 theme
3. reinstalled WP
4. saved permalinks

No change….hmmmm.

[AITpro Admin]

Try deleting your Browser cache and plugin cache (if you are using a caching plugin).  If that does not work then look at this WordPress forum topic for some other things to check.

http://wordpress.org/support/topic/problem-log-out-with-wordpress?replies=17

[Adendum]

I have done the browser cache clearout and I tried three other browsers but none of them will allow me in. They just show the 403 error. I asked the client to try and login from their end and they also get the same 403 error. So at least I know the problem is not specific to me, my PC, browser or connection as I am in the UK and the client is in the USA. Therefore it must be ……, well, something in the site settings…but where and what?

[AITpro Admin]

At this point you need to contact the Host for this website and have them check the Server logs to assist you.  This serves multiple purposes.  A lot of Hosts are now taking direct action to block/protect WordPress Login pages (some Hosts notify customers about this and some do not).  So this could be something the Host is doing and there is a mistake somewhere.  Or after the Host looks at the Server logs they will be able to tell you why the Login page is being blocked and by what.

[Adendum]

Yup, already on that. It’s not my hosting company so I’ve asked the client to seek help. Many thanks for your time and patience. It is MUCH appreciated as there is nothing worse than the lost and alone feeling! Which I didn’t have thanks to you!

[AITpro Admin]

Here is another possibility/scenario that could cause a problem like this:

If this particular website is a subdirectory website in a folder below the root of the hosting account root folder and an .htaccess file exists in the root folder of the hosting account then the security rules in the hosting account root .htaccess file will be applied to all subdirectory websites, unless a subdirectory site has its own .htaccess rules.  See the forum topic link below for a full explanation of how .htaccess files work in general and in hosting environments with multiple websites installed.

http://forum.ait-pro.com/forums/topic/ok-to-use-brute-force-login-protection-if-need-login-in-subfolder/#post-16705

[Author]

Posts