WP MAIL SMTP plugin – 403 error

[AITpro Admin]

Problem description sent via email:
1. I’m trying to send emails through WP MAIL SMTP plugin. After some step, i need to allow this plugin to send emails. When i click that option , i’m getting 403 forbidden error. Attached the screenshot here. Please guide to fix this issue.

Solution:

This is an RFI security rule problem in the wp-admin htaccess file.  Do the steps below to whitelist the WP Mail SMTP plugin Query String, which is simulating an RFI hacking attempt against your website.  Important note: If you deactivate wp-admin BulletProof Mode in the future then the root htaccess file will block this WP Mail SMTP plugin Query String and you would need to whitelist the RFI security rules in the root htaccess file.  You do not need to do that at this time assuming you have root BulletProof Mode activated.

1. Copy the modified wp-admin htaccess code below to this BPS wp-admin Custom Code text box: 4. CUSTOM CODE BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
2. Click the Save wp-admin Custom Code button.
3. Go to the BPS Pro Setup Wizard page and run the Pre-Installation Wizard and Setup Wizard. For BPS free just run the Setup Wizard

# BEGIN BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS
# WORDPRESS WILL BREAK IF ALL THE BPSQSE FILTERS ARE DELETED
# Use BPS wp-admin Custom Code to modify/edit/change this code and to save it permanently.
RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)(http|https)(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(http|https):// [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [NC,OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/) [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
#RewriteCond %{QUERY_STRING} (http|https)\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=(http|https)://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F]
# END BPSQSE-check BPS QUERY STRING EXPLOITS AND FILTERS

Security Log Entry:

[403 GET Request: September 25, 2018 12:36 pm]
BPS Pro: 13.7
WP: 4.9.8
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 127.0.0.1
Host Name: 204414.cloudwaysapps.com
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: 202.83.58.250, 127.0.0.1
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-admin/options-general.php?page=wp-mail-smtp&tab=auth&code=4/ZQD550ryMZNyz-gh_FWjPnqpjRvAsa_c9tY6i7bu0X4xZnRilotc6Ck0YB_P6CLwRDjit9-We4qnfDkG7reAe8U&scope=https://mail.google.com/
QUERY_STRING: page=wp-mail-smtp&tab=auth&code=4/ZQD550ryMZNyz-gh_FWjPnqpjRvAsa_c9tY6i7bu0X4xZnRilotc6Ck0YB_P6CLwRDjit9-We4qnfDkG7reAe8U&scope=https://mail.google.com/
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

[Sandor]

Hi AITpro admin,

Can u help me to solve this problem at my own website?
I have the samen issue but can’t find some documents/files you are writing about.

Kind regards,
Sandor

[AITpro Admin]

@ Sandor – Do have the BPS plugin installed?  Do you have any other WordPress security plugins installed?  What exactly is the problem?  Please post a BPS Security Log entry so I can take a look at it.  What documents/files are you trying to find?

[Sandor]

Well I can not find where to put the code you have written.

I can share my wp login and php login, maybe you can have a look for me?

My email address is sandor@citypoint.nl

Kind regards,

Sandor

[AITpro Admin]

Do have the BPS free plugin or the BPS Pro plugin installed?

[Patrick Coleman]

I am using WP Gmail SMTP plugin and this solution worked like a charm to solve the 403 error.

Thanks for your great support!!

Pat

[Author]

Posts