Home › Forums › BulletProof Security Pro › Login page – 403 error
Tagged: 403 error, login, ModSecurity, mod_security
- This topic has 12 replies, 2 voices, and was last updated 8 years, 10 months ago by alexb.
-
AuthorPosts
-
alexbParticipant
Hi,
I haven’t logged into this one site of mine for a while (it has BPS pro installed) and today instead of the WP dashboard was greeted by BPS’s 403 error page.
I searched google and found some topics on the WP.org forum suggesting to change permissions of the .htaccess file in root/wp-admin from 404 to 644 (didn’t help) or to delete both .htaccess files altogether. This didn’t help either and I’m still unable to log into my site.
What would be the next step I could try?
Thanks,
AlexAITpro AdminKeymasterUse FTP or your web host control panel file manager and copy your root htaccess file code in your forum reply so I can take a look at your root htaccess file code and then delete the BPS root htaccess file from your website’s WordPress installation folder. Let me know if you can login to your site after deleting the BPS root htaccess file.
alexbParticipantLike I said in my initial post, I already deleted both the root htaccess file and the one in /wp-admin. Of course auto-restore would restore them within 2 minutes but before that happend (meaning when both were indeed removed and I double-checked by refreshing the directory in my ftp software) I was still not able to log into my site. Also tried it in a different browser, same problem (so no cache/cookie issue).
Here is the content of my root htaccess file. This is the version I use for all of my sites and for some reason I can log into my other WP sites (that have the same htaccess file) without any issues.
[root htaccess file code copied and deleted from this topic]AITpro AdminKeymasterWhen I try to view your website I see this server error message:
Bandwidth Limit Exceeded
The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.When I go to your wp-login.php page I do not see a 403 error. Are you seeing the 403 error when you visit the login page or after you try to login? The problem may be because of Bandwidth Limit Exceeded problem. Check with your web host and see if being out of Bandwidth would cause a 403 error.
Also use FTP or your web host control panel file manager and send this file: /wp-content/bps-backup/logs/autorestore_log.txt to: info at ait-pro dot com so that I can see if the problem is related to files being quarantined.
alexbParticipantThanks for deleting that htaccess code again, wasn’t aware that this would also show the site in question. I’ve sent you an email with the requested file, hope you can find something. Please confirm you received it.
You’re right, I get the error after I try to login (so instead of being redirected to the WP dashboard, I get the 403 error page), not when going to the login page itself.
AITpro AdminKeymasterThe problem is not a root htaccess file problem. The problem is not an AutoRestore quarantined file problem. So either this is a plugin problem or this is a host server problem. ie your host is accidently blacklisting your ip address and blocking you from being able to login to your website or the problem is related to the Bandwidth exceeded problem. To eliminate that a plugin is causing this problem do this: rename the /plugins/ folder and try to login to your website. If you are able to login to your website then rename the /plugins/ folder back to /plugins/ right after you have logged in. If you are not able to login to your website after renaming the /plugins/ folder then this is a host server problem that you will need to contact your web host about to get fixed.
alexbParticipantWell, this is really awkward then. I can rather safely exclude a host issue since I have dozens of sites like this one sitting in the same account (and they have the same combination of plugins + settings + htaccess) and I tried a few of them and can log in without any issues like the above.
I assume the files you looked at didn’t bring up any specific errors that might cause this?
I renamed the plugins folder and my front page loads fine but the wp-login then will just time out (after logging in, not when loading the actual login page). DNS settings appear to be fine.
Could there be some corrupt database or something?
Also, if BPS pro has nothing to do with this, why does the login redirect me to the BPS pro 403 error page?
AITpro AdminKeymasterI have seen some web hosts accidentally blacklist a person’s ip address per website/server. So if that has happened then you would be seeing exactly what you are seeing now. ie cannot login to 1 website, but can login to other websites on the same host.
A 403 error is an industry standard HTTP Status Response code. BPS logs all 403 errors whether or not they are related to or caused BPS. ie if your server is blocking something and is causing the 403 error then BPS handles that server 403 error and sends you to the BPS 403 error template.
How to test whether or not the 403 error is caused by BPS or not. Rename the /bulletproof-security/ plugin folder and delete your root and wp-admin htaccess files.
Hmm which just made me think that maybe the problem is with your wp-admin htaccess file. Post the contents of your /wp-admin/.htaccess file.
alexbParticipantTo exclude this IP ban thing, I used a couple different proxies to visit the website and the problem repeated for every IP. Also I don’t think I’m blocked since the homepage (or other pages on the site) load fine, just the login is not working at all. If they blocked my IP on a site-basis, I shouldn’t even be seeing the homepage or others, right?
Here is my wp-admin htaccess contents, hope you find something.
[wp-admin htaccess code copied and delete from this forum topic]AITpro AdminKeymasterAnother possibility is the problem is with your Browser or if you are using a VPN or Proxy. Try switching to a different Browser and make sure you have disabled any extensions or add-ons in that other Browser.
Your wp-admin file looks fine so that is not the problem. Also if you have corrupt Browser cache that can cause this type of problem, but a more likely cause is a Browser extension or add-on or VPN or Proxy.
alexbParticipantTried different browsers and different IPs, no change.
Renamed BPS Pro folder and I indeed get a standard 403 error page saying I’m not allowed to access /wp-admin/index.php.
Alright, seems like the host needs to take a look here, thanks for your efforts! Will keep you posted.AITpro AdminKeymasterOk yep you have confirmed that the problem is with your host server. So contact your host to get this problem fixed. And what you want to ask your host is if they are using Brute Force Login protection and have accidentally blacklisted your IP address. This is a fairly common issue/problem these days since hosts have implemented Brute Force Login protection on their servers.
alexbParticipantUpdate: host fixed it. With the latest update, a certain mod_security rule caused everyone to get blocked who tried logging in (this problem only started happening with the latest WordPress update). Disabling the rule stopped this mess from happening. Thanks!
-
AuthorPosts
- You must be logged in to reply to this topic.