• nnimis

    (@nnimis)


    Recently needed to upgrade WordPress versions and all the plugins to the newest revisions. After doing this, I noticed Ajax calls being blocked on the admin (403: Forbidden). I disabled all the plugins and re-enabled them one by one to see which was causing this issue, and found it was iThemes Security (version 6.1.1).

    I couldn’t reduce the security, because the plugin settings page updates them with Ajax. Without any other option available, I downloaded the code from the plugin directory and searched for ‘403’.

    I have commented out some code in better-wp-security/core/modules/wordpress-tweaks/config-generators.php
    Lines commented:
    107: $modification .= "\t\tif (\$http_user_agent ~ \"^$\") { return 403; }\n";
    111: $modification .= "\t\tif (\$invalid_referer) { return 403; }\n";

    Not sure how it blocks requests to admin-ajax.php… The config option affecting this behavior was ‘Comment Spam’ under the ‘WordPress Tweaks’ group. This option is disabled though… but it seemed to be irrelevant since I was still getting 403 for every Ajax request. Ajax calls started working again after commenting out those lines. Can it be a bug in the plugin?

Viewing 4 replies - 1 through 4 (of 4 total)
  • pronl

    (@pronl)

    @nnimis

    Are you using Nginx as web server?

    Thread Starter nnimis

    (@nnimis)

    Apache 2 on a CentOS dedicated server, hosted on GoDaddy

    @nnimis

    Ah ok. In that case there is no point in commenting out those lines.
    They are Nginx specific…

    Thread Starter nnimis

    (@nnimis)

    Yes… well, it did the trick finally. Not sure if this is because we are upgrading from previous versions or what, but this code seemed to be generating the HTTP 403 on Ajax calls.

  • The topic ‘403 on admin-ajax.php’ is closed to new replies.