403 Forbidden error when changing password in My Account

  • Resolved gravatard

    (@gravatard)


    5 years, 4 months ago

    Greetings,

    WooCommerce customers are getting blocked by Cerber Security when attempting to change password in My Account > Edit Account page.

    It’s not a caching issue, as I’ve whitelisted /my-account/ in Breeze plugin, and I see a 403 Forbidden error in Cerber’s Traffic Inspector.

    How can I whitelist this so Customers can update their password?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gioni

    (@gioni)

    Are those 403 events have gray labels in the Request column? What are they?

    Thread Starter gravatard

    (@gravatard)

    I discovered that WP Cerber was blocking edit-account function in antispam, as it thought these were bot actions.

    I updated my current Antispam Query Whitelist to this:

    ?wc-ajax
edit-account

    Upon testing, I can now successfully update password as customer role without getting blocked as attack vector.

    For now the issue is resolved, but please add the above whitelist fix in documentation for all WooCommerce users. Without such WooCommerce will not function as intended.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘403 Forbidden error when changing password in My Account’ is closed to new replies.