403 error on ALL admin functions of a new installation

Hi @sethgrimes,

Try this solution: https://www.ads-software.com/documentation/article/debugging-in-wordpress/.

After you have followed some of the debugging steps, You can also share a screenshot of the issue for us to know what is really causing the issue on your website.

Thanks

OK, I know what’s happening: The .htaccess file that was installed with WordPress doesn’t list certain admin files. Examples are options.php and theme-install.php. I’m sure there are others. There’s a Deny default for .php files so access is defined for the files that aren’t explicitly listed.

I can fix this by adding the files to the Allow list, but why were the necessary-but-missing files left out of the .htaccess file Allow list?

It seems like the 403 Forbidden error could be caused by a variety of issues, but let’s go through some troubleshooting steps to identify and resolve the problem:

1.Check File and Directory Permissions:
Ensure that the file and directory permissions are set correctly. Typically, directories should have a permission of 755, and files should have a permission of 644.

2.Check Ownership:
Make sure that the files and directories are owned by the correct user and group. You can use the following commands to set the correct ownership:
chown -R yourusername:yourgroupname /path/to/your/wordpress/installation
Replace “yourusername” and “yourgroupname” with the appropriate values.

3. Check .htaccess File:
Even though you mentioned checking the .htaccess file, it’s worth checking again. Make sure no unusual configurations are causing the 403 error.

A standard WordPress .htaccess file looks like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</Ifmodule>
# END WordPress

4. Check Mod_security:
Some hosting providers have mod_security enabled, which can block certain requests. Contact your hosting provider and inquire about mod_security settings. They might be able to whitelist certain rules or provide guidance on adjusting the settings.
If you have a cPanel OR Directadmin Panel you can disable mod_security for your domain.

5.Review Server Logs:
Check your server logs for any error messages. The logs are usually located in the /var/log directory. Look for entries related to the 403 error, and they may provide more details on what is causing the issue.
Generally, the servers with control panel may have different path for log files, you can check with your hosting provider.

6.Temporary Deactivation of Security Plugins:
If you have any security plugins installed, temporarily deactivate them to see if they are causing the issue. Sometimes, security plugins can be overzealous and block legitimate actions.

After going through these steps, you should have a better idea of what might be causing the 403 Forbidden error. If the issue persists, consider reaching out to your hosting provider’s support for assistance, as they may be able to provide specific information about server configurations.

Thanks @milesweb. The 403 error was caused by a miscoded .htaccess file created during WordPress v 6.4.2 installation. I wrote initially that I?didn’t see anything interesting in the .htaccess file, but as I subsequently wrote, I had missed that a number of WP admin files was denied. I completely solved the problem by removing .php from the Deny list and I can use all dashboard functions, although I still don’t know why the WP 6.4.2 installation created a problematic .htaccess file.