WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[resolved] [Plugin: Better WP Security] 403 error at logout (26 posts)

  1. Michele
    Member
    Posted 1 year ago #

    Hi, and thank you for this plug-in!

    After the update today, when I logout I get:

    403 Permission Denied

    You do not have permission for this request /wp-login.php?loggedout=true

    Since the update is the only change that was made today, am thinking there is a connection. (I do get logged out, btw) Do you see anything that may be causing it from BWS?

    Many thanks!

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Hi Sally,

    That's actually been an issue on and off for a while. Currently, with WP 3.4 it's come back with the fix I needed to make to make hide backend work at all. I do know about it though and I do hope to have a complete fix for it in the next release (probably a week or two as I don't want to start rapid-fire releases again).

  3. Michele
    Member
    Posted 1 year ago #

    Thanks for the quick reply! So glad to know that it's a known thing. Appreciate your hard work and the next release.

  4. Thanks Sally!

  5. djavet
    Member
    Posted 1 year ago #

    It's also the same problem when you log in?
    I've a 403 and then I need to remove manually the redirect url and then everything is fine, buy annoying for the users.
    Any news about a patch and a release date?

    Dom

  6. jstearn
    Member
    Posted 1 year ago #

    Is there a solution or work around for this--even temporary? It's causing issues with a membership site I have. I would like to keep using the plugin because I think it's great overall, but getting a 403 error on log out just looks bad and reflects poorly on my business.

  7. cogmios
    Member
    Posted 1 year ago #

    This has been marked as "resolved" but it is not , I also experienec it.

    Is there a MOD who can change it back to unresolved?

  8. esmi
    Forum Moderator
    Posted 1 year ago #

    We won't change it. It will have been marked as resolved by the original poster or the plugin's developer.

  9. jstearn
    Member
    Posted 1 year ago #

    I am confused why esmi is responding for bit51 (it is their plugin).

    If it is true that the issue will not be corrected, that is pretty bad. I recommend this plugin to a lot of my clients and on many blogs that I write for. This error is not insignificant. It should be corrected.

    There is a solution--commenting out or removing the offending lines in the .htaccess file--but there should be a better resolution.

    Looks like I will have to stop recommending this plugin until it is fixed.

  10. esmi
    Forum Moderator
    Posted 1 year ago #

    Is there a MOD who can change it back to unresolved?

    I am a moderator.

  11. cogmios
    Member
    Posted 1 year ago #

    @esmi : ok thanks , i will contact the dev to set it to unresolved

  12. Hello,

    Sorry, I must have hit "resolved" instead of email me. As this isn't the first time I've done this near the end of a lot of responses I'll just do it outside of posts.

    As for the fix, if I don't have to spend much more time meeting with the doc this week I should have something by the weekend.

  13. djavet
    Member
    Posted 1 year ago #

    Any news about the fix/patch?

    Dom

  14. sfjones1965
    Member
    Posted 1 year ago #

    I have same problem. Persons having this error should also check to see if their registration page is available to new users. Both the logout and registration page are inaccessible when security is active. deactivate and they both work fine. So until there is a fix I guess this very useful tool will have to stay deactivated.

  15. colortrails
    Member
    Posted 1 year ago #

    I get this same problem on the sites where I use this plugin. Log-out only. But wondering if it has something to do with a particular combination of settings.

    At first I saw this only on one site today when I installed the plugin and configured it for the first time. Didn't see it on the other site where I've used this for a while. But when I compared the settings and saved a revised setting for the older site it too resulted in 403 logout errors. When I went back and changed that one setting back, it didn't fix anything. So maybe the process of updating the plugin and then saving a new setting triggers this under current version of WP? Not sure what the combo of settings would be if any but also a thought....

  16. jstearn
    Member
    Posted 1 year ago #

    It doesn't look like they are going to fix this issue. They've promised for some time now, but they never do it.

    Anyway, you can resolve this by going to Security --> System Tweaks. Under "Server Tweaks" (the first section on the page) uncheck "Filter Suspicious Query Strings" and that should take care of it.

    The redirection string was causing an issue. Shouldn't be considered suspicious, but it is. If the plugin is ever updated, you will want to reenable this.

    Hope that helps people.

  17. Chris Wiegman
    Member
    Plugin Author

    Posted 1 year ago #

    It has been fixed in 3.4.2 (you might need to re-save your system tweaks settings)

  18. jstearn
    Member
    Posted 1 year ago #

    Cool. Thanks.

  19. djavet
    Member
    Posted 1 year ago #

    I apply the fix, but I still have the error 403 when I'm log out or in.
    I've uncheck "Filter Suspicious Query Strings". Work now.

    Do you plan a new patch or I'm the only one now in this case?

    Thx for your work.
    Dom

  20. You get it with filter suspicious query strings? Sounds like a conflict with another plugin in that one. Are you using anything else that would fire at login/logout?

  21. djavet
    Member
    Posted 1 year ago #

    Yes. But I dont use any other login logout plugin.
    Here is the list of my active plugins:

    Admin Menu Tree Page View
    Akismet
    Bad Behavior
    Better Tag Cloud
    Better WP Security
    Broken Link Checker
    CMS Tree Page View
    Enable Media Replace
    Google XML Sitemaps
    Highslide for WordPress *reloaded*
    HTML Javascript Adder
    Jetpack by WordPress.com
    Kindle This
    Login Logo
    PHPlist
    PixoPoint Theme Integrator
    Really Simple CAPTCHA
    Really simple Facebook Twitter share buttons
    Revision Control
    Simple Local Avatars
    Theme Authenticity Checker (TAC)
    ThreeWP Activity Monitor
    TimThumb Vulnerability Scanner
    Twiter Search Widget
    Ultimate Follow Me Plugin by Free Blog Factory
    Widget Logic
    WP-PageNavi
    WP Help
    Wp Pagenavi Style
    WP Super Cache

    Any idea?

    Dom

  22. cogmios
    Member
    Posted 1 year ago #

    @djavet maybe its an idea to first disable all of them to see which one conflicts instead bit51 having to run through all of them?

  23. @cogmios. Thanks. I don't even know what they all so I won't be checking them all.

    @djavet - That is a significant amount of plugins you have going there. Just by the title I could see how certain ones could cause issues (although I have no idea what most of them do) but I'm afraid that unless you can pinpoint the plugin you are having a conflict with I'm not going to be able to be much help to you.

  24. djavet
    Member
    Posted 1 year ago #

    Hi!

    I will make a copy of the blog and test all plugin one per one, but will take time.
    @Bit51, could tell me from the title your notice, the supposed ones which can make problems?

    Thx for your work!
    Dom

  25. Hi Dom,

    From you list here is what I would suspect:

    Admin Menu Tree Page View
    Akismet
    Bad Behavior
    Broken Link Checker
    CMS Tree Page View
    Highslide for WordPress *reloaded*
    HTML Javascript Adder
    Jetpack by WordPress.com
    Login Logo
    PHPlist
    PixoPoint Theme Integrator
    Theme Authenticity Checker (TAC)
    ThreeWP Activity Monitor
    TimThumb Vulnerability Scanner

    Of course this is only a guess as I've never used many of these myself however the functions their titles suggest have caused issues in the past.

  26. sureshtmp-456
    Member
    Posted 1 year ago #

    Hi Guys,

    I have installed WP 3.4.2. WP Better Security 3.4.4

    I have a logout link like
    http://www.someserver.com/?page_id=4&logout=logout

    This gives same error 403 as discussed in this thread. I have these 6 plugins.
    BackWPup
    Better WP Security
    Exploit Scanner
    Members
    User Role Editor
    WP Editor

    But none of these fire anything like login/logout. Any idea how I can resolve the issue.

    As mentioned by @djavet unchecking the field "Filter Suspicious Query Strings" resolves the issue.

    But I don't want to uncheck this for obvious reasons.

    Any idea how I can trouble shoot ?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic