Forbidden: You don’t have permission to access this resource

  • This morning, my self-hosted website gives me “Forbidden: You don’t have permission to access this resource”, when I tried to edit my homepage.

    Since I let the browser remember my admin’s username/password, when I access my homepage, I am logged in as the admin, and I can see the admin’s tool bar including menu items “Customize”, “New”, “Edit Page”, “Edit with Elementor”, and so on. When I click on “Edit with Elementor”/”Edit”/”New” etc., I get this forbidden message. When I hover over to my website name and then “Dashboard”, I get the admin’s dashboard but the interface is raw (missing some css?) with expanded lists of menu items, such as “Pages” (then sube menu items) “Pages”, “All Pages”, and “Add New”. If I click on “All Pages” (or other links), I get the forbidden page again.

    I tried the followings:

    • Remove .htaccess and create a new one.
    • Rename wp_content/plugins, in case the problem is caused by one of the plugins.
    • Overwrite all WP folders and files with a fresh download.
    • “Chown -R” to www-data:www-data, chmod on folders to 755, chmod on files to 644

    The latest error log says “AH01797: client denied by server configuration: /var/www/{my domain}/wp-admin/post.php, referer:”{my domain} when I click on “Edit with Elementor” or “Edit Page”.

    From time to time, error logs are added as “AH01797: client denied by server configuration: /var/www/{my domain}/wp-cron.php”.

    This has happened before, and what I did was completely rebuild the site after everything I’ve mentioned above. This rebuilding method is OK for me since right now the website is brand new and is not in production yet. I suspect it will happen again later on.

Viewing 4 replies - 1 through 4 (of 4 total)

  • Sounds like clearing your cache and re-authenticating should still be your first step.

    If your site broke, don’t panic!

    Before you go any further, make sure you’ve updated your plugins and themes to the latest versions, clear your browser’s cache and cookies and re-log in to your WordPress dashboard.

    Ref: Read this FIRST!

    Thread Starter wpname

    (@wpname)

    Thanks for your answer, KnightWolfJK.

    I found some suspicious .php files, and have stopped the compromised server.

    Good luck. Don’t forget to coordinate with your web host as part of the incident response.

    Once you’re past that, there is a bevy of quality security plug-ins that can help you batten down the hatches. I’ve had good luck with WordFence. And also with Security Ninja. (At different times for different reasons). Of course, YMMV.

    Thread Starter wpname

    (@wpname)

    Thanks for the suggestions.

    I may change my method of building my website for security. In stead of using WordPress and plugins, which attract low-tech hackers who use online tools, I may code up my website using php and mysql – Maybe I am getting rusty but I had some experience coding and hosting an online ordering system for a small restaurant ten years ago.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Forbidden: You don’t have permission to access this resource’ is closed to new replies.