Home › Forums › BulletProof Security Pro › VaultPress – 403 error, POST wp-load.php
Tagged: 403 error, POST, VaultPress, wp-load.php
- This topic has 2 replies, 2 voices, and was last updated 8 years, 4 months ago by Greg.
-
AuthorPosts
-
GregParticipant
I have been unable to overcome a Blocked/Forbidden Hacker or Spammer security issue despite reading and applying advice from various topics herein. Could you please advise how I can overcome this problem. Thanks in advance! Details are as follows:
[403 POST Request: August 1, 2016 - 10:51 pm] Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: 192.0.xx.xx Host Name: jobs5.misc.dca.vaultpress.com SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: POST HTTP_REFERER: https://vaultpress.com REQUEST_URI: /wordpress/wp-load.php?vaultpress=true&action=plugins%3Als&doing_wp_cron=&wp-admin=&vector=14780856871.8185 QUERY_STRING: HTTP_USER_AGENT: Automattic/VaultPress/0.1 REQUEST BODY: --------------------------1ffcdea4b580ece2 Content-Disposition: form-data; name="full_list" 1 --------------------------1ffcdea4a580ece2 Content-Disposition: form-data; name="limit" 50 --------------------------1ffcdea4a580ece2 Content-Disposition: form-data; name="offset" 0 --------------------------1ffcdea4a580ece2 Content-Disposition: form-data; name="path" / --------------------------1ffcdea4a580ece2 Content-Disposition: form-data; name="sha1" 1 ---------------------
AITpro AdminKeymasterI was able to replicate/reproduce this 403 error by remote posting to a test site that is using this BPS POST Attack Protection Bonus Custom Code: http://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/ So I assume you are using the BPS POST Attack Protection Bonus Custom Code on your website. To fix this issue I added additional whitelisting code to whitelist POST Requests to the wp-load.php file.
1. Go to BPS Custom Code
2. Click the Root htaccess File Custom Code accordion tab.
3. Edit your existing POST Attack Protection custom code and add this additional code below to whitelist POST Requests made to the wp-load.php file.
4. Click the Save Root Custom Code button.
5. Go to the Security Modes page and click the Root folder BulletProof Mode Activate button.# NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON RewriteCond %{REQUEST_URI} !^.*/wp-load.php [NC]
GregParticipantMany thanks. Your solution worked perfectly!
-
AuthorPosts
- You must be logged in to reply to this topic.