Home › Forums › BulletProof Security Pro › WPADMIN-SBR Forbidden 403 Accessing Admin
- This topic has 4 replies, 2 voices, and was last updated 8 years, 10 months ago by AITpro Admin.
-
AuthorPosts
-
netvisibilitygroupParticipant
So I temporarily disabled wp-admin Folder BulletProof Mode and now can’t activate it. I get a 403 Forbidden page. I also am unable to run the setup wizard because I get the same 403 error immediately. There is currently NO .htaccess file in wp-admin. I did try creating a blank one with 644 permissions but it didn’t work so I deleted it. I also tried deactivating other plugins to no avail. Here’s the last security log:
[403 POST Request: November 9, 2015 - 2:30 pm] Event Code: WPADMIN-SBR Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/ REMOTE_ADDR: 50.137.62.149 Host Name: c-50-137-62-149.hsd1.or.comcast.net SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: POST HTTP_REFERER: http://new.netvisibilitygroup.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fcore%2Fcore.php REQUEST_URI: /wp-admin/admin-ajax.php QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:42.0) Gecko/20100101 Firefox/42.0 REQUEST BODY: interval=60&_nonce=fe0c0f76d3&action=heartbeat&screen_id=bulletproof-security%2Fadmin%2Fcore%2Fcore&has_focus=true
Thank you!
netvisibilitygroupParticipantNo there’s nothing in the log showing another plugin being blocked. I’m getting the 403 forbidden error on just about everything including trying to add custom code, run the set up wizard, activate wp-admin protection etc. I’m dead in the water and don’t know how to proceed.
AITpro AdminKeymasterThe problem you are describing is caused by an older version of the recent new POST Request Attack Protection Bonus Custom Code. We created an automated fix for this problem in BPS Pro 11.4 when you upgrade to BPS Pro 11.4, but you can manually fix this by using FTP or your web host control panel file manager and delete these 2 files: /wp-content/bps-backup/autorestore/root-files/auto_.htaccess and your BPS root htaccess file. Then log into your site and add these 2 new lines highlighted in Yellow below to your POST Request Attack Protection Bonus Custom Code that is saved in BPS Custom Code, click the Save Root Custom Code button and do the rest of the Custom Code steps.
# BPS POST Request Attack Protection RewriteCond %{REQUEST_METHOD} POST [NC] # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC] # Whitelist the WordPress Theme Customizer RewriteCond %{HTTP_REFERER} !^.*/wp-admin/customize.php
netvisibilitygroupParticipantThat did it! THANK YOU!
AITpro AdminKeymasterGreat! Thanks for confirming that worked.
-
AuthorPosts
- You must be logged in to reply to this topic.