403 Forbidden Error

Same issue here.

Oh ??

I was not aware of this issue, thank you for reporting. I’ll investigate it next week.

I installed All in One WP Security but I couldn’t reproduce the issue: I was able to re-generate a favicon without problem.

Has one of you access to your web server’s log (probably Apache) to check the reason of this 403 error?

Hi, I’ve checked error logs, none reported. They are suspiciously blank however. I’ve also tried changing permissions on wp-content and wp-admin to 777, same thing happens.

Thanks

Access log:

[16/Jul/2014:16:07:50 -0500] “GET /wp-admin/themes.php?page=favicon-by-realfavicongenerator/admin/class-favicon-by-realfavicongenerator-admin.phpfavicon_settings_menu&json_result_url=https://realfavicongenerator.net/files/ec3f6aaf5c538e6c3eaeb955b341d72a5c690b1f/json_result.json HTTP/1.1” 403 18200 “https://realfavicongenerator.net/api/favicon_generator” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36”

There is a function in cpanel that lets you view the last 300 errors. Nothing in there regarding RealFaviconGenerator

Thanks! Hum… this access looks alright, expect for the 403. My Apache logs a similar request… with 200:

[18/Jul/2014:15:36:30 +0200] “GET /wordpress/wp-admin/themes.php?page=favicon-by-realfavicongenerator/admin/class-favicon-by-realfavicongenerator-admin.phpfavicon_settings_menu&json_result_url=https://realfavicongenerator.net/files/dd3e780f4221aef83ad30622bda3ab087570b1a2/json_result.json HTTP/1.1” 200 16510 “https://realfavicongenerator.net/api/favicon_generator” “Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36”

I have just released a new version of the plugin (1.1.1). Although I didn’t release it with this issue in mind, it is likely that this issue was fixed as a side effect. I would be glad if you could give it a try.

Boring development stuff here, no need to read if you are not interested: From the beginning, the plugin uses the Rewrite API to create URL such as /favicon.ico, whereas favicon files are actually in /wp-content/uploads/fbrfg/. So far so good. But the Rewrite API is a bit tricky and very environment-specific. For example, with Apache, it relies on the .htaccess file. Some security plugins mark this file as read-only to prevent unauthorized accesses. Why not, but there is nothing in the Rewrite API to handle this case. You have to check the .htaccess file manually. And this is only for Apache. So I fixed some issues soon after the initial release of the plugin, with the help of helpful users who reported the problems. But it seems like there is no end to this. And limited reward: having URLs such as /favicon.ico is a nice to have, not a requirement. So what does v1.1.1 brings? The deactivation of the Rewrite API.

Fixed, but the plugin wasn’t at fault after all.

Just updated to v1.1, the same 403 error occurred.

I then disabled all firewall rules (under settings in the AIO WP Security & Firewall Plugin). This deleted the rules from the .htaccess file, which looks to have been the problem – simply disabling the plugin mustn’t have done this. I then set the firewall rules back to what they were, and everything appears to be functioning fine.

Paligula, try this, see how you get on.

phbernard – thanks for taking a look. It’s a great plugin.

Great! I’m not sure why the latest version of the plugin did not work immediately, since it does not use .htaccess anymore. Maybe I miss something. I hope new users with fresh install won’t suffer from this anymore.

Thank you very much for the continuous feedback you provided!