Can’t authenticate email then it crashes site

@northern121212 Sorry to hear of the issues you’ve been encountering. In some cases users hosting environments feature web application firewalls or security rules which may impact setup.

Many thanks for your feedback, which I will pass on to the team. If you want to share your Site Health information of hosting provider I’d also be happy to investigate further from my side.

This is the error transcript provided by my hosting provider:

[Fri Jan 31 15:25:57.523701 2020] [:error] [pid 6226:tid 47032615163648] [client 173.238.17.22:55491] [client 173.238.17.22] ModSecurity: Access denied with code 403 (phase 2). Matched phrase “.profile” at ARGS:scope. [file “/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf”] [line “57”] [id “210580”] [rev “2”] [msg “COMODO WAF: OS File Access Attempt||hsjcc.on.ca|F|2”] [data “Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/analytics.edit https:/www.googleapis.com/auth/analytics.manage.users https:/www.googleapis.com/auth/analytics.readonly https:/www.googleapis.com/auth/analytics https:/www.googleapis.com/auth/webmasters https:/www.googleapis.com/auth/siteverification openid https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email”] [severity “CRITICAL”] [tag “CWAF”] [tag “Other”] [hostname “hsjcc.on.ca”] [uri “/”] [unique_id “XjSNVflO8akEWI8rkj-bDAAAAAE”], referer: https://accounts.google.com/signin/oauth/consentsummary?authuser=0&part=AJi8hAOPA9IrSpWL4k_Kj6u9T0v1uOzCSjgzj4yksVDaKVTcFTtp0wcuQXBHyvDKNjn_Jz8xSI4PNPSUP2rzMav_FfnBbu5tTffq-2rfJpnsw1LFdsEzIoyicccOgkw2VnnAuoAnGivyS4LXyEwy6l5Wn7z5NmRuRfLAuZOsWBBqQpEChBGCXDA35k43dKeeDNOa5iz61KN_F6N-FTC2AbftPNWJa0lawJ-0XU4kXU29KLjgUwponrgFI6HjJjHt3cgMEQ7KtGAOY9M4ioUppDKtnO-nw8I7fdmtMOy6ecwetDa_MVfz8ftor9DsmbywC67_NnOKxZS4LaqTYRS4EPK7coiFr6y1Gcxw8n4S_2oQzseSDC_dgk5aVePv_gGZnorYUPqd1r80KbJgqIq6hg9aqO_ihae-o1lZk40Unte-x29SLChdNzo51icQ_LxeKR2YvIhlVmpRo_PkKzH8GlwFrQ58kHLlLk3Z3y3_yY7CkhKZQi3HvYurZnIFvKT80Vb_PuSK55e-2V4VYJu8WISLqMqhzYSKDT4IWSCLt1N-DNKj8nIQA2F9wg6a9hwISQtFNprM1wC8q3CWoXaf_tuqwlQ-7HJ8ORHFcYPas6LiIfottLmFOr8SQNlZSXDsIk9PePz71TfOIJvtOkOFfLHSwmJa4YM5aTxi2Ks9XrkfB00IajWew80FP32S7bPxt0BI9Ra-EpzV17Xqmf1ARZn17Cp9iZVT0ENpCMOJTVTehXjAT23j-Isuu-5C1cshwS3qUwj_GgXwWEbmhWaOC-flhYylrStAxW09UUrRscCtjMvotfNjk-3KfcxxiL4PG1KxMz2Bk8ExazwTmEvDE2qxWJUaz0qehDkkB8j9oLZbW_WH_SBkPx6WtTjOfjYVmUzUllbRayzd0YiEZWFiPp_6DfWDKKcx80TcqXiiWFlOl7pegePW9cgysmdH0PD7j-VW9cMfwc_yrkx2b7221U5Lgf_r61oV0p3VktzdRqDf9imxXYi6_zFceXOzyfiJgMNQqapGAN7Wz2CgE0x5A2kZsLVLiZ93ZILHu0zBkEE5dRToXr9pd6fpi_ni1Z1sPCtnDcTTWxWup1r7X6hrUGtAMSWJMu1Pgo7rdQc3kDNsU_a7ZeAMMo3-W4l6aRJTplBj8_329zBd_mlKVEh18eaQpb6LdIXk7nNdgw5STieImLfi8MKHGR0dQo2kPZsERWKeq-Xy-RE5ctdYydlIqiq2N0xmUxO-htP-FmOAdNLkoh-BttzfcsKyBGXTi18zFJ9dRo30X6dBzjWuOJ9x4NuehsR4V8mCbksC7a01nCzFJG-aqOYVeYDz4JMBFeqpV1x_jGYuhT66kTVKZA0XHmwofYlXqond8UT2dufSDuU8517DHz97vsR6dljGL8JJOpMWOSC-xwT5-t7C6JPT2VR41GlpXk44R3t9ktmk_oCuFldvrlNpdAvoiyrFwruNoPO2Zf4wH9xYJtjb9hPwzgTp_g50EoNplhW59ritgFBaFKlXzJLASmIYjLVuQd48yYY95OSz-FH30-y4q8VrGedpG2BDGcsBiA8QWmpW57gOVFStCBAHvFKmBDppIWZhpAvAylMfT3eRrc_yGQ5smYyCKEpKjND5wZdfGJwWhA9-kGlm8m_svhG1BYXbmmJADYmQCFMa1gLJx6u7BQoNzZndf7NXEabpv29opSHTZlb1DLJ0mGBpuvQzPo4S6cdVg0JgiSxNVUL2i1UqzvFlPgp-ILgXghG5Bdbfruwt1Y3YzVm14rci0n90ILV08Wq0frGFT-z4TParcBaBYgeciXBX27GIBXzAyk-C3GvharDagOyghivpE3CXIyVg1LfyuIKK6POtARxfosDPYmVgC12PoJkGU1FBpBVcpyU_dmC_I-3YYcxl6TU&as=2ZC_b_ClWwEYMI-SkY3pBA&rapt=AEjHL4MDH7gjFKfrigw78cBYx0Z7HNLcWVulh-tiJnGEpSyMHpSEdzhQLH1lv3hy7_1DFdGu76l9S3uM9DwF7pGqZl2Jy66t-w&approvedScope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics.edit%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics.manage.users%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics.readonly%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics

@northern121212 Many thanks for the update, very useful indeed. It looks like there may a ModSecurity configuration or rule setup which is impacting setup. I will share this with the team and report back.

Yes, my hosting provider said that it was a ModSecurity issue, and that the only way I could get around it would be to login to my cPanel and temporarily disable ModSecurity and then attempt to install the plugin.

My problem is that I’m looking for plugins that work like 99% of every other plugin, and just plain work, without requiring a lot of extra steps, and extra technical knowledge, in order to use them.

I really that your team is able to resolve whatever these security issues are, as I truly do want to use this plugin.

Thanks!

@northern121212 We have been working hard to address any such incompatibilities, and for sure I would be more than happy to bring this case up with the team. Thank you for bringing this up, very useful feedback.

Hi @jamesosborne, I have the same problem … when they solve it you can inform me too.
Thanks a lot

@claudioriosp I will keep you posted here with any updates.

Hello @jamesosborne,

Same problem here:

[client 2a02:587:8108:d990:4415:af3a:a98:30a1] ModSecurity: Access denied with code 403 (phase 2). Matched phrase “.profile” at ARGS:scope. [file “/etc/httpd/conf/modsecurity.d/rules/comodo/08_Global_Other.conf”] [line “57”] [id “210580”] [rev “2”] [msg “COMODO WAF: OS File Access Attempt||retaste.gr|F|2”] [data “Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/analytics.edit https:/www.googleapis.com/auth/analytics.manage.users https:/www.googleapis.com/auth/analytics.readonly https:/www.googleapis.com/auth/analytics https:/www.googleapis.com/auth/webmasters https:/www.googleapis.com/auth/siteverification openid https:/www.googleapis.com/auth/userinfo.profile https:/www.googleapis.com/auth/userinfo.email”] [severity “CRITICAL”] [tag “CWAF”] [tag “Other”] [hostname “retaste.gr”] [uri “/”] [unique_id “XkAgop0SxOXyMgcsYTr3rgAAACk”], referer: https://accounts.google.com/signin/oauth/consentsummary?authuser=3&part=AJi8hAMBYvufmU0GYwHzmwwIkiUvO0jJidIsuHl49_Rw-ahEfu0Q7VvD3Vaxk2Up_ZEw25KCH9sWzg-kn846RZMRw3ibE5oECREvJ-8l2R40Jd1SQqbm5c3vnOrJBBE74ckvnxqkdFbomsHU-dxBnJti45DKBooc5Gfs_hRwNp9G9yebf4_QQE7Wo8C0vHPWkLxrgVaUU6ARe5nojeXxyKlcV5r0uZFF06_Ea9xsQHBcwsLy1c96qyvhGbDJmITRH_-t24uoEHV9BAGpR-7yzzS5Yu8F6WQgE9FrHkU4zN-nQ73yjXXeMdCugyQSVUyLIsfWmDrbD00po2RBSqcbsKfKTO-X9CK0wcyih3fS0MN8kmz1h6SkBTCtFla4t2iEhcetDtcOEkK9zVBxJyTh7XWlHv–si-L2BPRlOZPthxPrHgPfGBx6Ufu4XkBDTr0mubGFIggt7FrgkuxxLXTU-51HL-n0w_uuNmh5M6f6HG9QT_-QZH5ELb18lFnoOfEKyoZa–bfVTkraIb6ernvuNOzGeiSjW_B4wlWXfHrQBy__-IgcLcX4J2loOgIOE29L8BHuZYeN9HeLfbl7vCydaxv_qs3MnpFSsBfNHbMGLxVBG3MyqNHdNcpB5ND8Naq1tCEs2_y-eu2tpaVwtSRgga-v2Zf9oFWOjkRhx7Svic6eCbTpxJk5PNM2T8-8WmlV_vzFeSzTspM_VKTdubyWJh1ZVbIVDp-keSbiydxhCBmgb5HSbS7ScWxwlt3UXKqkRfSiDM4sSApQ8bEz9c12t30UHTddn2z5HytdgiGxB0yF_Yfu4A97PEvJHi5sR04-HqJfIH1WMNGX61WOx_9QIrdwXP2QGQJ0AIRPX_TDHwH96fBwfpofN1SiKpLsf9eUlFeHFrdgKWOh3-5-2Ba3HtHSc8jtpuQ-Jaj7-WL4SY8lT7MWWef0HST88HHblK7gJCOg53xBkInWdEWi_Bfocug6Uvq6XRwmCFHdePk-nacq3RELoPLIWBbuUVjcy7X_kLn3yh_M9S2g-tWmPZGBfO7IoYzMZsM80kcoKeJI83SAGVwL8X93Vl6u0EGDABmEt4J7mZm7N6-VsTBNtwyeRCS7PmdqO–UmeY_kqUgm5k_xh36YWokykYXIRHYPeOA70P1MhCQZqlq9796OS9T9uvFS9nqwqsMlaF2stXXLMObzJx6hEmLK_Dfzh83J29IalhgVB4SoU6tAbh7mp6Cf56gp7-1bqIzeAgxAsq0vT6w4Nr–XjSKG5WdLv1OtLAXnxG1PA2UcBdyh6kYcGA3jldqcS8-Ao88QDkqGUicURb2UVlkxVa1w3kF0kLojJIRfZ8eRQSLrvF702ouKSKhHRjy_3GPfA6n6oPL2MvSAPWHLcRI4XMu0xrxlhBCt4XEktV9AG50HZSYLJJJj_jvZT2Ng8hWBZLma5_38Yd2XGE2tMfSQ9JCoSXXJ6KPLqjxnNbtxtD3BpAI_6RawXBcJLlC4Z2WzEE7_rcNfVuWFIayUAUM72b7OmbkGmpnoYja3GZXFpXDjf3Wd5EBe6sonKSeX1V1uVTAENzHSrEzT0pMwJRE8zgBKy_MZsiG_EgsRAvKavuX5031W50EQxAmwS643ZPi9OrVchn_ddEN8gB7JrlKzt2ccgngG5jK6pSY7Ry0I3O11RcfKde2fHCjVi9MW4zvWTMQowaUW73YnK0yx2VWhVfu1AgycheFNsJvgF6TNmPBY4YN0RTaWszsqe92Osc0XVF3b7R7Gap76w0sSrYVnfmpe6vm5bePeDl3fzI9mpFVQA2w0HZJsBdVOJZGESR_2CjhySaAyKhFeVe85VTlzBsl6VWdfk8xwrZPnw6SSIQb3xNWQMXZnMGHx3-KfKheHi85UhjPImiENXFSDkgme5vO0P8KKyKxZXiNDPRvv6BniYkw3oV9BVjepn7-MYeCMxCJtYlv2SXIwvZlqohjSJftsOMbGP6CHWPBMKuonddvY1fJ8QLjTXpQPft4Ejp1rhsqXZ7XSQCo8czSJaoiF_K4446o9sGP5N2D5gAMqvG3EQMQ5munvz_f76Mgy4IhmEg&hl=el&as=y1XpoqPUQzoU6mpEYMm__w&approvedScope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics.edit%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics.manage.users%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics.readonly%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics

Cheers,
yannis

@northern121212 @yannishimself @claudioriosp could you tell us your hosting provider and plan? Any info would be super helpful for us to recreate and address the issue. Thanks again for your report and feedback.

Hi @reneesoffice,

These are the data:
https://www.bluehosting.cl
Plan Emprendedores FULL
thanks

Hello @reneesoffice,

This is the host: https://top.host/web-hosting.htm#features
Galaxy package.

Cheers,
Yannis

@reneesoffice

It’s https://www.canspace.ca/web-hosting.html
Medium Plan

Hope that helps

@reneesoffice @northern121212 @claudioriosp problem solved:

You need to find the ID that triggered ModSecurity (in @northern121212 and my case it’s 210580, so I assume it’s the same everywhere). Add this id as a “Switch off security rule” in the host’s control panel (in plesk this is under “Web Application Firewall”).

but by deactivating this option I take security away from the site

@claudioriosp @yannishimself @northern121212 You can keep track of this related GitHub issue below:
https://github.com/google/site-kit-wp/issues/1113

We can also keep you updated here.