Forbidden when using customiser after plesk migrate

  • Resolved mikenco

    (@mikenco)


    3 years, 8 months ago

    I was unaware of having to disable ‘extended protection’ before migrating a website via Plesk. On the new server (and IP) everything works except when I click on ‘customise’ and the preview shows a 403 ‘forbidden’ page. I have tried resetting the .htaccess page and checked all of 0644 permissions etc. When I search the database for the old IP address, it is listed within a few tables relating to Wordfence, and I am wondering if the issue is related.

    How do I make sure that Wordfence knows that the new IP is the current site it’s hosted on?

    I may be completely on the wrong track, but would appreciate any advice on what to investigate next.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @mikenco and thanks for reaching out to us!

    The best thing to do in this situation is completely remove Wordfence and reinstall it.

    To ensure you have completely removed Wordfence, follow these steps:

    • Remove extended protection manually (https://www.wordfence.com/help/firewall/optimizing-the-firewall/#removing-the-optimization)
    • Remove the wordfence plugin folder located in wp-content/plugins
    • Remove the wflogs folder located in wp-content
    • Remove wordfence-waf.php located in the root of you WordPress installation
    • Remove all Wordfence related database tables from the database, using for example phpMyAdmin or Wordfence Assistant plugin.
    • Check either .htaccess file or .user.ini depending on your server configuration and remove any code snippets wrapped by # Wordfence WAF and # END Wordfence WAF.

    Then go back through the install process. You will need to optimize the firewall again as well.

    Let me know if you have any issues!

    Thanks again!

    Thread Starter mikenco

    (@mikenco)

    Hi Adam,

    Thanks for the assistance, really appreciated!

    I forgot to mention earlier that this is a multisite.

    I have removed Wordfence as described, although the file wordfence-waf.php wasn’t there, also, even after using Wordfence Assistant, there are a lot of folders in mphpmyadmin beginning with ‘wf’ that appear to be Wordfence related.

    Worst of all, the issue with the 403 is still present. I shall leave Wordfence off temporarily to see if I can work out what is going on.

    I shall report back when I have a solution.

    Rgds,

    Mike

    Plugin Support WFAdam

    (@wfadam)

    A 403 would point to the WAF blocking something as well. You could try Learning Mode to resolve the issue further.

    From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.

    https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.

    Let me know how it goes!

    Thanks!

    Thread Starter mikenco

    (@mikenco)

    Good Morning Adam,

    I reinstalled WF on Friday evening, so the site wasn’t unprotected over the weekend. I have checked it this morning, and it’s showing as still in learning mode ’til April 2nd. I don’t have any WF options involving this page, so I’m not convinced that WF is blocking it. I’m sure there is a permissions issue involving the Plesk Migration.

    Thank you for your suggestions and advice.

    All the best,

    Mike

    Thread Starter mikenco

    (@mikenco)

    Hi Adam,

    I think it IS to do with WF.. I am getting Zapier errors too. Part of the log says this:

    AH01071: Got error ‘PHP message: WordPress database error Table ‘wp_8ve67.qANk6_wfls_settings’ doesn’t exist for query SELECT name, value, autoload FROM qANk6_wfls_settings WHERE name = ‘allow-xml-rpc’ made by require(‘wp-blog-header.php’), require_once(‘wp-load.php’), require_once(‘wp-config.php’), require_once(‘wp-settings.php’), include_once(‘/plugins/wordfence/wordfence.php’), require_once(‘/plugins/wordfence/lib/wordfenceClass.php’), require(‘/plugins/wordfence/modules/login-security/wordfence-login-security.php’), WordfenceLS\\Controller_WordfenceLS->init, WordfenceLS\\Controller_WordfenceLS->_init_actions, WordfenceLS\\Controller_Settings->get_bool, WordfenceLS\\Controller_Settings->get, WordfenceLS\\Settings\\Model_DB->get’, referer:

    A missing WF table is mentioned. Does that make any sense to you?

    Rgds,

    Mike

    Thread Starter mikenco

    (@mikenco)

    Further update. Turns out, it was Modsecurity blocking the customizer page. However, there was an issue with Wordfence trying to look for the settings in the wrong folder, which I think was compounded by the WordPress security in Plesk changing the prefix of the database!!

    I will put WF back on again now and hopefully this is resolved!

    All the best,

    Mike

    Plugin Support WFAdam

    (@wfadam)

    Thanks for letting us know what was the cause!

    If you run into anything else! Just let us know!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Forbidden when using customiser after plesk migrate’ is closed to new replies.