WordPress Social Login – 403 error, unable to login

[AITpro Admin]

[Email Question]

BPS Pro is stopping the WordPress Social Login 2.1.5 from letting people sign up to the site, to join the forum. How do I tell BPS Pro to let people sign up?

403 GET / HEAD Request: June 14, 2014 - 5:16 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 203.122.218.7
Host Name: ppp203-122-218-7.static.internode.on.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://[domain name removed for privacy]/wp-login.php?action=wordpress_social_authenticate&provider=Google&redirect_to=http%3A%2F%2F[domain name removed for privacy]%2Fforums%2F
REQUEST_URI: /wp-content/plugins/wordpress-social-login/hybridauth/?hauth.start=Google&hauth.time=1402731991
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2048.0 Safari/537.36

[AITpro Admin]

Do BPS Pro troubleshooting steps 6 and 7 first to see if BPS Pro Login Security or JTC Anti-Spam|Anti-Hacker cannot be used with the WordPress Social Login plugin.  Typically you can only use 1 Login/Login Security feature at a time.

http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

6. If an issue/problem is related to Login Security turn Off Login Security on the Login Security & Monitoring page.
7. If an issue/problem is related to JTC Anti-Spam|Anti-Hacker turn Off JTC Anti-Spam|Anti-Hacker on the JTC Anti-Spam|Anti-Hacker page.

After testing whether or not Login Security or JTC are the cause for the login issue then move on to these troubleshooting steps below.  Test after doing each troubleshooting step to isolate exactly which BPS Pro security feature is causing the 403 error.

1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button.  See Custom Code Note if doing this step works.
3. On the Security Modes page, click the Plugin Firewall BulletProof Mode Deactivate button.

After you have isolated which BPS Pro security feature is causing the 403 error post that information here so that we can provide a whitelist rule for the WordPress Social Login plugin.

[Chazz]

hi,

was the issue here ever found? i am also having a 403 error breaking the wp social login plugin. the plugin prompts me to whitelist: http://www.domain.com/wp-content/plugins/wordpress-social-login/hybridauth/

[AITpro Admin]

Check your BPS Security Log and post the security log entry for what is being blocked and post that log entry in your reply.

[Chazz]

the log stays empty after failing a login even though logging is set to on. the plugin states: Error: Your web server returned 403 Forbidden when checking WSL end-points. This issue usually happen when:

1. Your web host uses mod_security to block requests containing URLs (eg. hosts like HostGator, GoDaddy and The Planet). On this case, you should contact your provider to have WSL end-points urls white-listed.
2. There is a .htaccess file that prevent direct access to the WordPress plugins directory.
In any case, WSL requires this url to be white-listed:http://www.domain.com/wp-content/plugins/wordpress-social-login/hybridauth/

[AITpro Admin]

Ok it sounds like the problem may not be related to BPS so let’s eliminate that BPS has anything to do with the problem.  Do these steps below to eliminate or confirm that BPS has something to do with the WSL problem.  After you have done these troubleshooting steps below test WSL and let me know if you are still seeing the 403 error.

1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button.  See Custom Code Note if doing this step works.
3. On the Security Modes page, click the Plugin Firewall BulletProof Mode Deactivate button.

6. If an issue/problem is related to Login Security turn Off Login Security on the Login Security & Monitoring page.
7. If an issue/problem is related to JTC Anti-Spam|Anti-Hacker turn Off JTC Anti-Spam|Anti-Hacker on the JTC Anti-Spam|Anti-Hacker page.

[Chazz]

well, i did all that and the problem persists, so i guess it’s not related to BPS…

[AITpro Admin]

Yep had a feeling that was the case since a security log entry was not being logged.  Ok now what you want to do is post a question in the WSL plugin support forum on WordPress.  This is a similar question here:  [link redacted]

EDIT: Never mind I see you already created a thread here:  https://wordpress.org/support/topic/not-working-with-bulletproof-security-bps?replies=2

[AITpro Admin]

Oh and if you have the new Go Daddy cPanel hosting account type (saw that you posted your Host’s name in your WP forum thread) then 99% that is what is causing this issue.  I am using the Go Daddy Webclassic hosting account type and temporarily had a cPanel hosting account type for testing, but it is much more restrictive than the Webclassic hosting account type and I ran into several problems with things that I had installed so I am sticking with Webclassic for now. 😉

I have a hunch/theory that the root issue with Go Daddy cPanel hosting is that it uses very restrictive Mod Security SecRules/SecFilters, which block a lot of things.  You can try to use this code in the link below to turn off Mod Security (may or may not be allowed depending on the Server configuration) or maybe you can do that from your Host Control Panel.

http://forum.ait-pro.com/forums/topic/how-to-turn-off-mod-security-mod_security-secfilterengine-off/

[Chazz]

actually, i just tried a different social login plugin and now it works 🙂

[AITpro Admin]

Yep, sometimes that is the right way to go.  I took a look at that plugin’s forum support topic and I get the sense that it may be a bit overcomplex to troubleshoot, configure, setup, etc.  Usually that indicates a plugin is fairly new on the block and has not gotten to the higher levels yet of self-diagnosing and self-repairing capabilities – automation that automatically fixes problems (can take years to get there).

[AW]

[Topic has been merged into this relevant Topic]
Hi man,

Its me again. I would like to inquire about WP social Login. I encounter error 404 when i try to login via FB. My website is sabahtrade.com. I read thru the articles of WP social Login but i still face the same issue. Please guide me on how to solve it. Thanks.

Regards,
Alex Wong

[AITpro Admin]

@ AW – the previous person in this forum topic found that BPS Pro was not causing a problem for the WordPress Social Login plugin.  So you can either contact the WordPress Social Login plugin author to fix the problem or try another Social Login plugin like Chazz did.

[AW]

Hi BPS,

I read and follow the instruction give by BPS: My WordPress Social Login works like a charm! However, there’s some security advice from BPS as below:
The htaccess file that is activated in your root folder is:
BULLETPROOF PRO 11.4 SECURE .HTACCESS

√ wp-config.php is htaccess protected by BPS
√ php.ini and php5.ini are htaccess protected by BPS</span>

√ Deny All protection activated for BPS Master /htaccess folder
√ Deny All protection activated for /wp-content/bps-backup folder

ERROR: An htaccess file was NOT found in your wp-admin folder.
BulletProof Mode for the wp-admin folder should also be activated when you have BulletProof Mode activated for the Root folder.

The htaccess file that is activated in your plugins folder is:
BULLETPROOF PRO .HTACCESS PLUGIN FIREWALL

The htaccess file that is activated in your uploads folder is:
BULLETPROOF PRO UPLOADS FOLDER .HTACCESS

Should I activate the:Activate Plugin Firewall BulletProof Mode Looking forward for your reply.

Regards,
Alex Wong

[AITpro Admin]

The Plugin Firewall BulletProof is activated.  wp-admin BulletProof Mode is not activated.

[Author]

Posts