403 Forbidden

Hi Helen,

For some reason, I’m not able to get to your website at all right now. But that might be on my end….

What are the contents of your .htaccess file? The file is located in the root folder of your website. You can get to it by FTP or through your cPanel.

I’m thinking something there might be restricting access to your dashboard.

Hi Shawn,

Thanks for getting back to me so quickly.

I can’t get to the files – they’re not loading.

I don’t think it’s anything to do with the host as I have another website with them and that’s working fine.

Is there anything else I could try?

OK it’s finally loaded
Here’s what I have in the .htaccess file – I’ve taken out the IP addresses

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^IP ADDRESS HERE$
RewriteCond %{REMOTE_ADDR} !^SECOND IP ADDRESS HERE$
RewriteRule ^(.*)$ – [R=403,L]
</IfModule>

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]
</IfModule>

<files ~ “^.*\.([Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all
</files>

<files wp-config.php>
order allow,deny
deny from all
</files>

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

# disable directory browsing
Options All -Indexes

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?helenlord.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?SECOND WEBSITE HERE [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ https://i.imgur.com/g7ptdBB.png [NC,R,L]

Hi Helen,

It looks like this block:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} ******** (REDACTED)
RewriteCond %{REMOTE_ADDR} ******** (REDACTED)
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

Is restricting access to the login page and the admin functions to two specific IP addresses: ******** (REDACTED) ********, which I’m assuming neither one are the IP you are trying to access your dashboard from.

Remove that block from the .htaccess file and it should let you in.

Shawn

Great,

Thanks Shawn that worked!

If poss could you edit your post to delete ip addresses – thank you for your help.

Hi Helen,

I’ve removed the IPs from my post. Glad to hear you’re back in. Don’t forget to mark this issue as resolved.

Cheers.

Thank you very much Shawn.