Blocks access to the admin & codification errors

Howdy y’all,

First, I wanted to apologize for the trouble. It’s annoying when an upgrade breaks and that isn’t lost on us.

Next, we’re having real trouble duplicating this or finding a likely cause by looking at what has changed in the last month, so thank you for your patience as we continue to work on this.

To help us, there are a couple of things that could be helpful:
* could you reply with a screenshot, or at least a copy/paste of the full error? We’re interested in seeing if that helps us identify what might be throwing the 403.
* Can you use the browser’s inspection tab, in the Network requests section to see if you’re able to confirm what request is sending back the 403 request? (Some more about how to do this if you’re willing: https://developer.chrome.com/docs/devtools/network/ )
* Lastly, if you’re able to attempt to log in from a private/incognito window. Does that also throw the 403 error?

Thanks again,
Brandon Kraft
Jetpack Crew Lead

Can confirm that Blunoa’s issues is a temporary work around. Thank you.

Thanks Brandon, here is a screenshot of the error I get.
https://snipboard.io/4bgdw7.jpg

Incognito still throws the error as well.

Here is the error with the network inspection.
https://snipboard.io/qSAnoN.jpg

Thank you! What hosting provider do you use behind CloudFlare?

That error message isn’t from Jetpack or WordPress. I think it might be from Plesk (the hosting control panel that I’m thinking your host is using).

One possibility is that your host is trying to load the index to wp-admin (e.g. the file list) instead of wp-admin/index.php which suggests might be an issue with .htaccess.

That said, I’m not sure why that would be occurring in correlation to the Jetpack update, so I lack confidence at the moment.

I’m working with the team to see what else we can come up with

You’re welcome, yes all of my sites are hosted on a linux server using plesk. My hosting company is 1 & 1 by Ionos. Thank you.

I also only get the error when I’m logged in. The website views fine when I’m not logged into wordpress.

• This reply was modified 2 years, 2 months ago by triskelionindustries.

What looks like is happening is the following:

* We added an iframe as part of the Notifications feature to work around cross-site cookie issues that are popping up due to changing browser security models.
* That iframe was being flagged by modsecurity, a firewall tool used on some servers. In particular, it seems like Plesk servers are flagging it the most.
* The result of that is the 403 from your server blocking access to wp-admin.

While we figure out the best long-term way to work around this situation, you can disable the Notifications feature ( via your site’s wp-admin/admin.php?page=jetpack_modules if you’re able to load that).

That will remove the little notification bubble in the top-corner of the your logged-in admin bar, which will remove the code that is being flagged right now.

Alternatively, your hosting provider will likely be able to advise how to disable that rule for your site (the “potentially malicious iFrame” rule).

Thanks again for your patience, understanding, and help in figuring out where the 403 was coming from!

@kraftbj Worked for me! Thanks!!!

I have the same problem with jetpack and plesk, entering in the wordpress admin page, i got 403 ERROR forbiden, if i desactivate jetpack it works fine…How i can solve that? will jetpack will deliver a update to solve this?

Best Regards DVM

How i can access wp-admin/admin.php?page=jetpack_modules , it says not allowed to access this page.

@dvmarques Try this, read through the steps fully before starting:

Deactivate and delete the jetpack plugin
Install it and activate it
Don’t complete the setup (meaning dont connect to a wordpress account)
Access the modules page and disable notifications as described above
Complete the setup (connect to a wordpress account)

*On my site i only got the 403 issue after connecting jetpack to a WP account. Problem is i needed to connect to a WP.com account to get most of the good features of JetPack.

Right now everything works for me with notifications disabled.

@welime

Thanks, can i use the woocommerce app after do this steps?It is fully funcional?

Thanks

@dvmarques Yes woocommerce works fine for me

We’re shipping out Jetpack 11.3.1 right now to resolve this. If you saw the issue, please update your site once it is offered in wp-admin and then you can re-enable the Notifications module.

If you have been unable to use the workaround to disable the Notifications, you can use your hosts’ file manager or FTP to delete the wp-content/plugins/jetpack/modules/notes.php file, then it’ll let you back into wp-admin and you can upgrade to Jetpack 11.3.1.