WPADMIN-SBR Forbidden 403 Accessing Admin

Home Forums BulletProof Security Pro WPADMIN-SBR Forbidden 403 Accessing Admin

This topic contains 4 replies, has 2 voices, and was last updated by  AITpro Admin 2 years, 7 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #26075

    netvisibilitygroup
    Participant

    So I temporarily disabled wp-admin Folder BulletProof Mode and now can’t activate it. I get a 403 Forbidden page. I also am unable to run the setup wizard because I get the same 403 error immediately.  There is currently NO .htaccess file in wp-admin. I did try creating a blank one with 644 permissions but it didn’t work so I deleted it.  I also tried deactivating other plugins to no avail.  Here’s the last security log:

    [403 POST Request: November 9, 2015 - 2:30 pm]
    Event Code: WPADMIN-SBR
    Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
    REMOTE_ADDR: 50.137.62.149
    Host Name: c-50-137-62-149.hsd1.or.comcast.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: POST
    HTTP_REFERER: http://new.netvisibilitygroup.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fcore%2Fcore.php
    REQUEST_URI: /wp-admin/admin-ajax.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0
    REQUEST BODY: interval=60&_nonce=fe0c0f76d3&action=heartbeat&screen_id=bulletproof-security%2Fadmin%2Fcore%2Fcore&has_focus=true

    Thank you!

    #26077

    netvisibilitygroup
    Participant

    No there’s nothing in the log showing another plugin being blocked. I’m getting the 403 forbidden error on just about everything including trying to add custom code, run the set up wizard, activate wp-admin protection etc. I’m dead in the water and don’t know how to proceed.

    #26078

    AITpro Admin
    Keymaster

    The problem you are describing is caused by an older version of the recent new POST Request Attack Protection Bonus Custom Code.  We created an automated fix for this problem in BPS Pro 11.4 when you upgrade to BPS Pro 11.4, but you can manually fix this by using FTP or your web host control panel file manager and delete these 2 files:  /wp-content/bps-backup/autorestore/root-files/auto_.htaccess and your BPS root htaccess file.  Then log into your site and add these 2 new lines highlighted in Yellow below to your POST Request Attack Protection Bonus Custom Code that is saved in BPS Custom Code, click the Save Root Custom Code button and do the rest of the Custom Code steps.

    # BPS POST Request Attack Protection
    RewriteCond %{REQUEST_METHOD} POST [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
    # Whitelist the WordPress Theme Customizer
    RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php
    #26084

    netvisibilitygroup
    Participant

    That did it! THANK YOU!

    #26085

    AITpro Admin
    Keymaster

    Great!  Thanks for confirming that worked.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.