POST admin-ajax.php 403 error


This topic contains 21 replies, has 3 voices, and was last updated by Living Miracles 1 year, 2 months ago.

    #32340

    Tin Hoang
    Participant

    Hello, when I try to save a setting in another plugin for a specific site running on a network installation of WordPress, I get the following error. However, when I try to save the same setting on one of my other subsites, it saves OK. So the issue is happening on only 1 site. The error is below:

    https://www.dropbox.com/s/f4oqr4jhi3at4ue/403.jpg?dl=0

    I’ve tried to add

    # admin-ajax.php & post.php skip/bypass rule
    RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
    RewriteRule . - [S=2]

    to my CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES but that is not working.
    Any ideas would be helpful.

    Thank you,

    Tin

    #32341

    AITpro Admin
    Keymaster

    Go to the BPS Security Log page and post the Security Log entry for this.

    #32342

    Tin Hoang
    Participant

    I went to the Security Log but there is no entry with a REQUEST_URI similar to

    https://bluegemini.ca/wp-admin/admin-ajax.php

    Please advise.

    #32343

    AITpro Admin
    Keymaster

    Do BPS Pro troubleshooting steps #1 and #2:  https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting  Test saving plugin settings after doing troubleshooting step #1 then test saving plugin settings after doing troubleshooting step #2. Let me know what happens.

    #32344

    Tin Hoang
    Participant

    Hello,

    I executed 1 (1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.)

    Then I tried to save the setting and it didn't work. Still the same 403 error when I try to save the setting.

    Then I executed 2 –
    (2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.)

    same error ..403

    I think it has now caused a new error after that change (attached): my images aren't loading on most of my subsites! I’ve re-enabled 1 and 2 with no luck.

    https://www.dropbox.com/s/v5203euo386fo4w/404.png?dl=0

    #32345

    AITpro Admin
    Keymaster

    Ok so your BPS htaccess files are not causing the problem.  That means something else that you have installed (another plugin or your theme) is causing the problem.  Try deactivating all of your other plugins.  You can activate BPS htaccess files again.  The folder name shown in the 404 errors is not a valid WordPress folder:  /files/ is not a valid WordPress folder name.  If the /files/ folder is outside of WordPress in your hosting account root folder then I assume you had a skip/bypass rule for the /files/ folder in your root htaccess file and the errors should go away once you activate root folder BulletProof Mode again.

    #32346

    Tin Hoang
    Participant

    Hi

    /files/folders/ is in my root WordPress folder – I am running a multisite installation of WordPress. I’ll check the other plugs or themes.

    thank you.

    #32745

    Living Miracles
    Participant

    [Topic has been merged into this relevant Topic]
    Hi,

    On our WordPress multisite, I noticed something strange yesterday. After logging into the back-end, I took a look at one of the subsites on the front-end. When clicking on certain menu items (one of them leading to a page with several embedded Spreaker audio players and another to a blog page), I got some popups with 404/forbidden errors. I checked the console for errors and found that the admin-ajax.php file showed up with: “Failed to load resource: the server responded with a status of 403 (Forbidden).” It seems like this started happening after the BPS Pro 12.8 update because I’ve never seen this issue previously.

    So, I implemented the below code into the wp-admin htaccess File Custom Code box 3. CUSTOM CODE WPADMIN PLUGIN/FILE SKIP RULES:

    # SKIP/BYPASS RULE FOR ADMIN-AJAX.PHP
    RewriteCond %{REQUEST_URI} (admin-ajax\.php) [NC]
    RewriteRule . - [S=2]

    Could you say what is happening here and why the admin-ajax.php was being forbidden?

    Thanks so much!

    #32747

    AITpro Admin
    Keymaster

    @ Living Miracles – Go to your BPS Security Log page and post any Security Log entries for this 403 error so I can see what is being blocked.

    #32749

    Living Miracles
    Participant

    There are actually no entries in the security log for the admin-ajax.php file.

    #32750

    AITpro Admin
    Keymaster

    @ Living Miracles – Ok then this was definitely the correct topic to merge your forum topic post into.  What I am thinking is some other security measure on your host server is causing the 403 error.  Do BPS Pro troubleshooting steps #1 and #2 to confirm that BPS htaccess code is not causing the block/403 errors:  https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting  If the 403 errors are still occurring after doing BPS Pro troubleshooting steps #1 and #2 then you will need to contact your web host and see if they have some security measure on the host server that is causing the 403 errors. Could be something like a mod_security SecRule or SecFilter is blocking something that appears to be malicious.

    #32812

    Living Miracles
    Participant

    Hi again, it’s been a little hard to troubleshoot this issue. When I deactivated the Root Folder BulletProof Mode, the issue did seem to go away, however, I couldn’t do any other troubleshooting because the issue didn’t come back after re-enabling the Root Folder BP Mode. It may have been cache-related somehow; not sure.

    This issue has now returned and I think it’s a bit odd that it’s also happening when I’m not logged into the site. Somehow, even while logged out, and visiting the site just like a normal visitor would, I’m seeing the 404 pop-up error and can see the /wp-admin/admin-ajax.php file getting blocked. Why would this file even get triggered/called when I’m not even logged into this site?

    Thanks for any thoughts you can share on this. I just want to understand a bit better what’s going on.

    #32813

    AITpro Admin
    Keymaster

    @ Living Miracles – So what you need to do now is either look at your Apache server logs or have your web host look at your server logs to figure out what is causing the 403/404 error.  I don’t think doing standard WP troubleshooting is the best approach.  You need to see a log entry with an error message so you will be able to figure this problem out.  I have seen quite a lot of plugins call the admin-ajax.php file from the frontend of the site.  Not exactly sure why that is done by those plugins. 😉
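
The server-log review suggested in the post above, as an added example that is not part of the original thread or of BulletProof Security: it pairs each 403 on admin-ajax.php in an Apache access log with the error-log entry from the same client and second, and names the layer that denied it. Assumptions: common-format access log, Apache 2.4 error-log layout, both logs in the same timezone, IPv4 clients; `explain_403s` and `classify` are hypothetical names and the log lines are constructed.

```python
import re
from datetime import datetime

# Constructed sample logs (not from the thread); IPs, rule id and paths are placeholders.
ACCESS_LOG = """\
203.0.113.7 - - [12/Mar/2018:10:15:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 403 199
198.51.100.4 - - [12/Mar/2018:10:16:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58
198.51.100.9 - - [12/Mar/2018:10:17:41 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 403 199
192.0.2.33 - - [12/Mar/2018:10:19:05 +0000] "POST /wp-admin/admin-ajax.php?action=x HTTP/1.1" 403 199
"""
ERROR_LOG = """\
[Mon Mar 12 10:15:02.123456 2018] [:error] [pid 2211] [client 203.0.113.7:51544] ModSecurity: Access denied with code 403 (phase 2). Pattern match "EXAMPLE" at ARGS:data. [id "900001"] [uri "/wp-admin/admin-ajax.php"]
[Mon Mar 12 10:17:41.000321 2018] [authz_core:error] [pid 2212] [client 198.51.100.9:40112] AH01630: client denied by server configuration: /var/www/html/wp-admin/admin-ajax.php
"""

ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^ \]]+) [^\]]*\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ERROR_RE = re.compile(r'^\[(\w{3} \w{3} +\d+ [\d:.]+ \d{4})\] \[[^\]]*\] \[pid [^\]]*\] '
                      r'\[client ([^\]:]+)(?::\d+)?\] (.*)$')

def classify(msg):
    """Name the component that wrote this error-log message."""
    if msg.startswith("ModSecurity:"):
        rule = re.search(r'\[id "(\d+)"\]', msg)
        return "mod_security rule " + (rule.group(1) if rule else "unknown")
    if "client denied by server configuration" in msg:
        return "Apache access control (Require/Deny)"
    return "other: " + msg[:60]

def explain_403s(access_log, error_log, path="/wp-admin/admin-ajax.php"):
    """Return (client, method, cause) for every 403 on `path`."""
    errors = {}
    for line in error_log.splitlines():
        m = ERROR_RE.match(line)
        if m:  # key on client IP plus timestamp truncated to the second
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S.%f %Y").replace(microsecond=0)
            errors[(m.group(2), ts)] = classify(m.group(3))
    results = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if not m or m.group(5) != "403" or not m.group(4).startswith(path):
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
        cause = errors.get((m.group(1), ts),
                           "no error-log entry: check .htaccess rules or an upstream proxy/WAF")
        results.append((m.group(1), m.group(3), cause))
    return results

if __name__ == "__main__":
    for row in explain_403s(ACCESS_LOG, ERROR_LOG):
        print(row)
```
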

    #32860

    Living Miracles
    Participant

    Hi again. Thanks, I reviewed our server logs and can’t find anything in regards to the admin-ajax.php file there. I think the reason I wrote to you initially, is because the errors seemed to start after the most recent BPS Pro update and in the changelog, it mentioned a lot of AJAX-related updates. Is there any way those updates could cause the issues I’m seeing?

    Thanks so much!

    #32861

    AITpro Admin
    Keymaster

    @ Living Miracles – I don’t see anything in BPS Pro 12.8 that was updated/changed/etc. that would start causing this problem.  So that is probably just coincidental and something else changed somewhere else.  In any case, send me a WordPress Administrator login to this site so I can figure out what is causing the problem.
