Error 403 Throughout Plugin

  • Resolved markisparki

    (@markisparki)


    2 years, 6 months ago

    I have been using this plugin for years, and on the front end everything works perfectly (thank you).

    However in the last few days, on the back end, any attempt to change a setting or field results in a 403 error.

    I have turned off all plugins, checked permissions on files (644), folders (755) etc, .htcaccess (644 and writing from the Admin dashboard) – all looks good and literally everything works except backend changes.

    Our host uses litespeed for information, but I have purged all caches etc – nothing seems to work.

    Any help welcome as I need to edit some fields – thank you

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter markisparki

    (@markisparki)

    OK – I am going to mark this as resolved as the fix it NOT related to the plugin.

    I will put my ‘fix’ here for posterity.

    It took me a while, but on my cPanel there is an applet called ModSecurity. Apparently, edits to this – and only this – plugin had been denied when using the options-general.php page (which is the normal options page for plugins).

    Refreshing the settings for this applet (which I think was ‘turn it off and on again’) plus ensuring a couple of litespeed cache purges were cycled fixed the issue for me, at least.

    Apologies to the plugin author – your plugin is ace – but no idea why ModSecurity blacklisted you in the first place!

    Plugin Author Chad Butler

    (@cbutlerjr)

    Glad to hear you were able to figure this out.

    For reference, there is an FAQ on this in the plugin’s docs. I note it here for future users who may come upon this. I certainly don’t fault you (or anyone else) if it goes unnoticed because the docs are fairly extensive and this can easily be unnoticed (In fact, the primary reason it and most FAQs are there are simply for me to have a quick link when common questions come up since I know where they are)
    https://rocketgeek.com/plugins/wp-members/docs/faqs/why-do-i-get-a-403-forbidden-error-when-updating-settings/

    Anyway… the general issue here is that ModSecurity has a lot of automation build into it for adding rules. Hosts can simply pull in prebuilt rulesets. It all depends on where they get their rulesets and how often they update them, as there are several places that provide ModSec rulesets, both free and paid. (I also run a hosting platform and am a user of ModSec, so I’m familiar with its setup.) I provide this info primarily as an answer to the question, “no idea why ModSecurity blacklisted you in the first place” – it’s not necessarily ModSec, but rather the ruleset, who put it together, and when it was last updated.

    Thanks for your post as well as your followup. Glad to hear you like the plugin. (If you haven’t already done so in the past, please consider giving it a review.)

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Error 403 Throughout Plugin’ is closed to new replies.