As of using the plugin “WP and Divi Icons Pro”, which includes icons into the page-builder of the Divi theme, I get these kind of security log entries, even if “wp-admin Folder BulletProof Mode (WBM)” is deactivated:
[403 GET Request: 25. Oktober 2018 - 11:39]
BPS Pro: 13.7
WP: 4.9.8
Event Code: WPADMIN-SBR
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xxx.xxx.xxx.xxx
Host Name: xxx.xxx.xxx.xxx
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://[domain]/[sub-site]/wp-admin/post.php?post=230&action=edit
REQUEST_URI: /[sub-site]/wp-content/themes/Divi/css/editor-style.csshttps://[domain]/[sub-site]/wp-includes/css/dashicons.min.css?ver=4.9.8&wp-mce-4800-20180716
QUERY_STRING: ver=4.9.8&wp-mce-4800-20180716
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:63.0) Gecko/20100101 Firefox/63.0
I read the according sections at https://forum.ait-pro.com/forums/topic/security-log-event-codes/ and searched the forum, but didn’t find a solution to resolve this issue related to this REQUEST_URI / QUERY_STRING. Any suggestion how to resolve this issue?
Just found the issue myself. It was not the /wp-admin/.htaccess , it was the root folder .htaccess, where I had the additional 6G Firewall code in Custom Code #14 which blocked the request. In detail it were the rules:
RedirectMatch 403 (:)
and
RedirectMatch 403 (?i)(https?):/
…in root folder .htaccess, which were responsible for the issue.
So, the Event Code: WPADMIN-SBR was misleading in this case. But solved 🙂