Maintenance Mode Not Able to Access Front-End

Yes, you are correct that if your current IP address has been added in the Maintenance Mode IP Address Whitelist Text Box then you should see your site normally and all visitors to your site will see your Maintenance Mode page.

Do you have the BPS free or BPS Pro plugin installed?
What type of WordPress site is this? Single/Standard WordPress site type, Giving WordPress Its Own Directory (GWIOD) site type or Network/Multisite site type?
When you do this google search: “what is my ip” is your current IP address the same IP address that you have entered into the Maintenance Mode IP Address Whitelist Text Box?
Is the 403 error page the BPS 403 error page or is it a standard/generic host server 403 error page?

Go to the BPS Security Log page and copy and paste the 403 error Security Log entry for the Maintenance Mode error from your BPS Security Log file in your forum reply. The Security Log entry should contain something similar to this in the log entry:
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/htaccess/bps-maintenance.php

It’s a Free version.

It’s a single WordPress type.

Yes, I checked my ip to make sure. It is correct with the one in Whitelist Text Box.

The 403 is standard/generic host server 403 error page.

I also get standard/generic 403 when access /wp-content/plugins/bulletproof-security/admin/htaccess/bps-maintenance.php

Since you are seeing a standard/generic host server 403 error page and not the BPS 403 error page then that means BPS Security Logging is being broken or overridden by either another plugin you have installed or by something on your web host like Mod Security or your web host server is not allowing/processing some BPS htaccess code.

Do these troubleshooting things next:
Go to the BPS System Info and copy and paste this system info about your site/server.

Server Type: Apache
Operating System: Linux
WP Filesystem API Method: direct
Server API: cgi-fcgi CGI Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded

Do you have the Sucuri security plugin installed? If so, go to the Sucuri plugin settings and turn off the Sucuri Restrict wp-content access Hardening option setting by clicking the Revert Hardening button.

I don’t understand what you meant by this:

Do these troubleshooting things next:
Go to the BPS System Info and copy and paste this system info about your site/server.

Server Type: Apache
Operating System: Linux
WP Filesystem API Method: direct
Server API: cgi-fcgi CGI Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded

I don’t have any other plugin install as this is a newly built website.

So I just did another test on another website on the same server. And it did the same thing but a big change.

When I click “Preview” or access /wp-content/plugins/bulletproof-security/admin/htaccess/bps-maintenance.php, I got this.

mydomain.com 403 Forbidden Error Page

If you arrived here due to a search or clicking on a link click your Browser's back button to return to the previous page. Thank you.

IP Address: 127.0.0.1

The IP address of this site is: 127.0.0.1, which probably means this is a Local Development server installed on your computer correct? Is this XAMPP, MAMP, WAMP or LAMP?

The BPS plugin has a menu link called System Info, which goes to the BPS System Info plugin page. Go to the BPS plugin System Info page and copy and paste your website/server information in your reply.

No this is not on my computer. It is a VPS.

Here’s the system info you’ve asked.

Server Type: Apache/2.4.25 (Red Hat)
Operating System: Linux
WP Filesystem API Method: direct
Server API: fpm-fcgi CGI Host Server Type
Apache Modules|Directives|Backward Compatibility(Yes|No)|IfModule(Yes|No): View Visual Test
403: mod_access_compat is Loaded|Order, Allow, Deny directives are supported|IfModule: Yes
403: mod_authz_core is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
403: mod_authz_host is Loaded|Order, Allow, Deny directives are supported|BC: Yes|IfModule: Yes
200: mod_rewrite Module is Loaded

Not sure if this help. I am running Apache behind Nginx.

Yep, that helps. You have an Nginx Reverse Proxy configuration problem. You should not be seeing IP address 127.0.0.1 in the 403 error message and instead should be seeing your actual server’s IP address. To confirm this additional problem > go to the BPS System Info page > copy and paste this additional system info below. Note: I need to see the actual IP address or IP addresses if there are 2 of them
Proxy X-Forwarded-For IP Address: xxx.xxx.xxx.xxx

• This reply was modified 7 years, 9 months ago by AITpro.

Server|Website IP Address: 127.0.0.1
Host by Address: localhost
DNS Name Server: ns1.mydomain.com
Proxy X-Forwarded-For IP Address: xx.xxx.xxx.xxx <==(my home ip address)

• This reply was modified 7 years, 9 months ago by imtino.

Ok try adding this code in your wp-config.php file to fix this problem.

if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
  $xffaddrs = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] );
  $_SERVER['REMOTE_ADDR'] = $xffaddrs[0];
}

or this code if the code above does not work:
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];

I am not sure where to add it in wp-config.php. So I added at the end. I’ve tried both and it didn’t work.

I’m sorry I’ve checked a second time and realized that I’m running Apache behind Hiawatha and not Nginx. I don’t know if that make a different.

Any custom/personal code that you add in a wp-config.php file needs to be above this line of text in a wp-config.php file: /* That’s all, stop editing! Happy blogging. */. NEVER add any custom/personal code below that line of text in a wp-config.php file. If after you move the code above the /* That’s all, stop editing! Happy blogging. */ line of text in your wp-config.php file and it is still not working then are going to need to contact your web host support and ask them to help you get your Nginx Reverse Proxy configured correctly and you also want to ask them to help you get BPS Security Logging working. Most likely they will need to edit your VPS httpd.conf file and if you are using a vhosts conf file then they may need to edit that server configuration file as well. What they need to look at is why this BPS htaccess directive ErrorDocument is not working on your website/server. It could simply be that the ErrorDocument directive is not being allowed in your server configuration files or there is some other server configuration code in the httpd.conf or vhosts conf file that are overriding logging HTTP STATUS code 403 errors.

• This reply was modified 7 years, 9 months ago by AITpro.

I just saw your other post reply. All I know about Hiawatha servers is that they have built in security measures that block similar things that BPS htaccess code blocks. So it is possible that your Hiawatha server is causing the Security Logging and the Maintenance Mode problem due to Hiawatha server security settings. That is also something that you would need to ask your web host support folks about since I have zero experience with Hiawatha servers. ??