WordPress.org

Ready to get started?Download WordPress

Forums

You don't have permission to access /blog/wp-admin/options.php (23 posts)

  1. allyenw
    Member
    Posted 6 years ago #

    When trying to change the "reading" options under settings I get the error, "You don't have permission to access /blog/wp-admin/options.php on this server." I have tried adding a .htaccess file like suggested in another related forum post and the blog admin functions shut down entirely.

    I am able to change the "writing" options under "settings" without getting any errors.

    I have tried changing permissions on the wp-admin folder and changing permissions on the options.php file itself to no avail.

    I am stuck....your help is greatly appreciated.

  2. networkmarketingopps
    Member
    Posted 6 years ago #

    I am new to blogging and WordPress and although my blog page came up, when I try to login to my admin panel, it give me a message that I do not have permission to access this area. So I have a blog, but no way to do anything with it.

    Also, as of this morning, I cannot even pull up my blog. It says the webpage does not exist. This is not an easy site to navigate. I almost never found my way to this forum site and had to re-register to even get to this point where I can post on the forum.

    Can anyone tell me how to get into my admin panel?

  3. neil456
    Member
    Posted 5 years ago #

    I am also getting this on a new blog. Any suggestions? Settings -> Writing work fine. Settings -> Reading give a 403 error; "You don't have permission to access /wp-admin/options.php on this server." All else seems to work fine.

  4. Shyzer
    Member
    Posted 5 years ago #

    I've gotten this error on one of my sites before as well, except for the "Writing" option instead of the Reading. I never found a solution and just tossed it up to weird luck.

  5. BernardBorealis
    Member
    Posted 5 years ago #

    Make sure that your wp-admin/options.php (or whatever the file is) is owned by you/(your username) (chmod) and that the permissions on it are set to 644

  6. peruvianllama
    Member
    Posted 5 years ago #

    I encountered the same problem, using WP 2.6.2, upgrading the install from 2.0.x. As with the above comments, the 403 error only presented itself when I tried to change options under a single header ('Reading', for me).

    Permissions on all my files under /wp-admin/*.php were set to 644 to begin with. Just to make sure, I set permissions to 777 but this had no effect and the error remained.

    After some Googling and translating from other languages, on a whim I inserted this into my .htaccess file at the root of my website:

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    and this seemed to fix the problem. I don't know enough about module security to know if this is a good/bad thing, or really what it's fixing, so I would love it if somebody could illuminate us all here.

  7. whooami
    Member
    Posted 5 years ago #

    I don't know enough about module security to know if this is a good/bad thing, or really what it's fixing, so I would love it if somebody could illuminate us all here.

    you can google mod_security to learn what it is, and what it does.

    In a nutshell:

    Web services are vulnerable to several attacks. These attacks can lead to information leakage and further aid in remote command execution. By using WSDL an attacker can determine an access point and available interfaces for web services. These interfaces or methods take inputs using SOAP over HTTP/HTTPS. If these inputs are not defended well at the source code level, they can be compromised and exploited. ModSecurity operates as an Apache Web server module, ideal for defending web services against attacks that also include malicious /POST variable/content.

    You dont cause any security issues by disabling it (which you have done), but you have a little more protection while you are using it.

  8. kensy
    Member
    Posted 5 years ago #

    cmod 777 eros:

    Forbidden
    You don't have permission to access /home/wp-admin/options.php on this server.

  9. kensy
    Member
    Posted 5 years ago #

    Help???

  10. rednus
    Member
    Posted 5 years ago #

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    Cheers m8.. that did the magic for me too..

  11. bugra_cc
    Member
    Posted 5 years ago #

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    WORKS!!!!!!!

  12. agentbuzz
    Member
    Posted 5 years ago #

    If you don't want to turn off mod_security altogether, you can turn off the global rule that forbids directory listings. mod_security considers that to be "information give-away". I had the same problem with access upon logging in to the WordPress admin page, and the following was reported in the mod_security audit log:

    Message: Access denied with code 403 (phase 4). Pattern match "(?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>\[To Parent Directory\]<\/[Aa]>
    )" at RESPONSE_BODY. [file "/usr/local/apache2/conf/modsecurity/modsecurity_crs_50_outbound.conf"] [line "54"] [id "970013"] [msg "Directory Listing"] [severity "WARNING"] [tag "LEAKAGE/INFO"]

    Sure enough, on line 54 of one of the rulesets, this is preventing access to the directory listing:

    52 # Directory Listing
    53 #SecRule RESPONSE_BODY "(?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>\[To Parent Directory\]<\/[Aa]>
    )" \
    54 # "phase:4,t:none,ctl:auditLogParts=+E,deny,log,auditlog,status:403,msg:'Directory Listing',id:'970013',tag:'LEAKAGE/INFO',severity:'4'"

    As you can see, I just commented out that one rule. Then I re-started Apache. No access errors.

  13. gje
    Member
    Posted 5 years ago #

    In my case setting permissions to 770 worked

  14. dbelsham
    Member
    Posted 5 years ago #

    Hi
    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    Thanks this worked for me also

  15. dcs0582
    Member
    Posted 5 years ago #

    Running with 2.7.1 here ...

    I tried adding this to the .htaccess file at the root of my site:

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    That caused my main page to no longer display, so I removed the four lines.

    Next I tried changing the mode on /wp-admin/options.php to 774, but that didn't cure the 403 error when trying to change general options.

    From options-general.php, all in the world I'm trying to do is change my stupid timezone from UTC-4 to UTC-6. When I make the option change then click "Save Changes", I get the frustrating "Error 403. Forbidden." with /wp-admin/options.php as the URL. Very frustrating!

    Is there some way to go in with phpMyAdmin and diddle some bits in the database to switch the timezone?

  16. omasciarotte
    Member
    Posted 5 years ago #

    I'm having the same problem and getting the same results as dcs0582...sheesh! Sorry Moshu <http://wordpress.org/support/topic/207044?replies=2> but, we have not found the answer!

  17. omasciarotte
    Member
    Posted 5 years ago #

    Did I mention that this problem has persisted since January of last year & several versions ago!

  18. so363
    Member
    Posted 5 years ago #

    As utterly bizarre as this may sound, I've experienced this problem when I had the phrase "selected from" in my page.

    I discovered this by literally copying each individual paragraph into the page, and then saving and testing. Immediately after copying the paragraph containing "selected from", I got the error.

    I then went to copying each individual word, and every time I pasted (or typed) the word "from" after selected, it would error.

    As soon as I changed the text to "chosen from", it allowed me to save again.

    Weird, huh?

  19. n7qvc
    Member
    Posted 5 years ago #

    This is what my .htaccess looks like Originally

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /journal/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /journal/index.php [L]
    </IfModule>
    # END WordPress

    I changed it to

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    Same Problem

    I changed it to

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    SecFilterEngine Off
    SecFilterScanPOST Off
    RewriteBase /journal/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /journal/index.php [L]
    </IfModule>
    # END WordPress

    Same problem. Still unable to make any changes to my Settings Area.

  20. webmistressofthedark
    Member
    Posted 5 years ago #

    Have you checked your theme folders? That is what caused my problem.

  21. giocaputo
    Member
    Posted 5 years ago #

    same problem also with adding on .htaccess!!!!

  22. mmairs
    Member
    Posted 5 years ago #

    You may also get this symptom from a bad symlink in which case none of the other fixes can help.

  23. losttraveller
    Member
    Posted 5 years ago #

    The changing of .htaccess worked for me, thank you so much I have been searching for hours!
    Does anyone know just how dangerous it is to leave the "filterengine" and "filtersacnPOST" commands turned off?

Topic Closed

This topic has been closed to new replies.

About this Topic