403 Error

Jeff

I’ve had the same problem and have been unable to use the plugin.

I’ve changed to a default theme, deactivated every other plugin, cleared the cache on my browser and on my site, but whenever I make a change to the USP settings then click on ‘Save All Changes’ I get a 404 Forbidden – Access to this resource on the server is denied.

I am using WordPress 6.0.3 and USP version 20221004 on a Litespeed server.

I’ve had to disable the plugin, activate all my other plugins, deactivate USP, and everything on my site works fine.

In short, USP does not seem to work with WordPress 6.0.3, or at least, it doesn’t work for me.

Any ideas?

I’m self hosting and the Firewall on the server is showing the following critical error every time I click ‘Save All Changes’ on the app. Not sure if this is caused by a fault in the Firewall settings (if so, I can contact hosting company) or by USP. The logged error message means nothing to me!

ID : 340148Severity : CRITICALLabel : -
info: Matched Operator '(?:< ?script|< ?(?:i?frame ?src|a ?href) ?= ?(?:o gg|tls|ssl|gopher|zlib| (ht|f)GST?) \:/|document\.write ?\(|(?:<|< ?/) ?(?:(?:java|vb)script|applet|activex|chrome|qx?ss|embed)|< ?/?i?frame\b|< ?img src ?=|< ?base href ?=)' against variable 'ARGS| REQUEST_HEADERS:X_FORWARDED_FOR| ARGS_NAMES|! ARGS:/^cont/|! ARGS:/introtext/|! ARGS:_message|! ARGS:/com_liferay/|! ARGS:/fbmcc/|! ARGS:/refuse_code/|! ARGS:/ide_/|! ARGS:/bsr_/|! ARGS:nav-menu-data|! ARGS:/sc_stats/|! ARGS:/contact_map/|! ARGS:/adsense/|! ARGS:rtel|! ARGS:/TextArea/|! ARGS:/^dbem/! ARGS:insp_code|! ARGS:/marketing_code/|! ARGS:addthis|! ARGS:/option_tree/|! ARGS:/go_code/|! ARGS:/custom/|! ARGS:/shortcode/|! ARGS:/analitics/|! ARGS:/area_id/|! ARGS:/_head_/|! ARGS:/theme/|! ARGS:/ga_code/|! ARGS:/analytic/|! ARGS:/_js_/|! ARGS:/schema/|! ARGS:/^ifeature/|! ARGS:/^redux/|! ARGS:/analyticscode/|! ARGS:/suffix/|! ARGS:/sadrzaj/|! ARGS:js_includes|! ARGS:/m1_source/|! ARGS:/geodir/|! ARGS:/suffix/|! ARGS:/banner_block/|! ARGS:/introcopy/|! ARGS:ausgabe|! ARGS:eingabe|! ARGS:/previewdata/|! ARGS:/tracking_extra/|! ARGS:SAMLResponse|! ARGS:/^groups/|! ARGS:video|! ARGS:/google_map/|! ARGS:/gacode/|! ARGS:code1|! ARGS:sotenson|! ARGS:ga_code|! ARGS:customized|! ARGS:code_analytics|! ARGS:uvod|! ARGS:/^field_video/|! ARGS:q|! ARGS:/^textarea-video/|! ARGS:leirro|! ARGS:lomake|! ARGS:vastaus|! ARGS:vraag|! ARGS:qti_data|! ARGS:tracklist|! ARGS:i_google|! ARGS:code_area_text|! ARGS:/log_code/|! ARGS:/^ADVERT_/|! ARGS:UserData|! ARGS:areas|! ARGS:templatecode|! ARGS:/prevObject/|! ARGS:/replaceAll/|! ARGS:/insertBefore/|! ARGS:/insertAfter/|! ARGS:/prependTo/|! ARGS:/appendTo/|! ARGS:/mapcode/|! ARGS:googleCode|! ARGS:/^recipient/|! ARGS:optional_head|! ARGS:/^form/|! ARGS:/^var_value/|! ARGS:variable_data|! ARGS:/customfield/|! ARGS:val333|! ARGS:notice|! ARGS:/formcode/|! ARGS:/ajax/|! ARGS:all|! ARGS:allowedTags|! ARGS:/tracking/|! ARGS:/google_analytics/|! ARGS:/widget/|! ARGS:ad_code|! ARGS:/jscode/|! ARGS:postcontents|! ARGS:/keycaptcha_code/|! ARGS:video1|! ARGS:/updateAds/|! ARGS:map|! ARGS:gmapcode|! ARGS:/^Sidebar/|! ARGS:/^wpTextbox/|! ARGS:paragrafo|! ARGS:/question/|! ARGS:/style/|! ARGS:sidebar|! ARGS:analyticscode|! ARGS:top_news|! ARGS:tracking_code|! ARGS:data[config]|! ARGS:fulltext|! ARGS:introtext|! ARGS:offertext|! ARGS:block|! ARGS:livezillacode|! ARGS:whats-new|! ARGS:/embed/|! ARGS:/desc/|! ARGS:/sidebar/|! ARGS:/ad_code/|! ARGS:/footer/|! ARGS:/^p_process_chats/|! ARGS:obj_itop|! ARGS:/wyscms/|! ARGS:/script/|! ARGS:eventDescription|! ARGS:/^product/|! ARGS:/^field_/|! ARGS:match_report|! ARGS:/^usergroup/|! ARGS:sendDescription|! ARGS:email_id|! ARGS:obj_itop|! ARGS:/^instance/|! ARGS:sml_prt_1|! ARGS:pay_inst_1|! ARGS:/^jform/|! ARGS:eip_value|! ARGS:phpcode|! ARGS:intro|! ARGS:/product_benefits/|! ARGS:Snippet|! ARGS:_qf_Select_next|! ARGS:move2|! ARGS:oid|! ARGS:Submit2|! ARGS:layout|! ARGS:pageset|! ARGS:contact_form_information|! ARGS:/^site_/|! ARGS:/^translations/|! ARGS:create_tables|! ARGS:insertfile|! ARGS:video_credits|! ARGS:move2|! ARGS:input[Desarrollo]|! ARGS:hoperation|! ARGS:arg2|! ARGS:login_form|! ARGS:resumoDetalhe|! ARGS:Right_photo_1|! ARGS:/^K2ExtraField/|! ARGS:bbcode_tpl|! ARGS:embedVideo|! ARGS:/submitcode/|! ARGS:mentorhelp|! ARGS:/custom_code/|! ARGS:beschrijving|! ARGS:custombannercode|! ARGS:bannercode|! ARGS:privatecapacity|! ARGS:diz|! ARGS:FormLayout|! ARGS:parent_name|! ARGS:/^fck/|! ARGS:/^code_tscript/|! ARGS:_qf_Group_next|! ARGS:project_company|! ARGS:categories_title|! ARGS:antwoord|! ARGS:project_company|! ARGS:/signature/|! ARGS:paepdc|! ARGS:tpl_source|! ARGS:teaser_js|! ARGS:/^autoDS/|! ARGS:FrmSide|! ARGS:mainKeywords|! ARGS:guardar|! ARGS:/VB_announce/|! ARGS:/serendipity/|! ARGS:omschrijving|! ARGS:resolution|! ARGS:newyddionc|! ARGS:bericht|! ARGS:property_copy|! ARGS:/^outpay/|! ARGS:bedrijfsprofiel|! ARGS:s_query|! ARGS:finish_survey|! ARGS:photolater|! ARGS:/element/|! ARGS:ticket_response|! ARGS:option[vbpclosedreason]|! ARGS:embeddump|! ARGS:/introduction/|! ARGS:/contenido/|! ARGS:query|! ARGS:/sql/|! ARGS:prefix|! ARGS:c_features|! ARGS:/tekst/|! ARGS:other_clubs|! ARGS:/^elm/|! ARGS:/^saes/|! ARGS:dlv_instructions! ARGS:/^cymr/|! ARGS:_qf_Register_upload|! ARGS: verbiage|! ARGS:/^wz/|! ARGS:tiny_vals|! ARGS:sSave|! ARGS:/article/|! ARGS:/about/|! ARGS:/^elm/|! ARGS:news|! ARGS:/Summarize/|! ARGS:/^product_options/|! ARGS:/SiteStructure/|! ARGS:/anmerkung/|! ARGS:/summary/|! ARGS:/edit/|! ARGS:reply|! ARGS:/story/|! ARGS:resource_box|! ARGS:preview__hidden|! ARGS:order|! ARGS:youtube|! ARGS:/post/|! ARGS:reply|! ARGS:business|! ARGS:navig|! ARGS:/pagimenu/|! ARGS:/^jms/|! ARGS:/note/|! ARGS:/page/|! ARGS:/homePage/|! ARGS:Post|! ARGS:area|! ARGS:/^field_id/|! ARGS:/detail/|! ARGS:/how/|! ARGS:LongDesc|! ARGS:ta|! ARGS:Returnid|! ARGS:busymess|! ARGS_NAMES:/^V\*/|! ARGS_NAMES:/^S\*/|! ARGS:/^quickrise_advertise/|! ARGS:rt_xformat|! ARGS:/wysiwyg/|! ARGS:contingut|! ARGS:/^werg/|! ARGS:/body/|! ARGS:/css/|! ARGS:/^section/|! ARGS:/msg/|! ARGS:t_cont|! ARGS:/^doc/|! ARGS:/xml/|! ARGS:googlemap|! ARGS:tekst|! ARGS:formsubmit|! ARGS:invoice_snapshot|! ARGS:submit|! ARGS:/html/|! ARGS:/content/|! ARGS:/footer/|! ARGS:/header/|! ARGS:/link/|! ARGS:/text/|! ARGS:/txt/|! ARGS:/refer/|! ARGS:/referrer/|! ARGS:/template/|! ARGS:/ajax/|! ARGS:/infobox/'

message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack

Not adding any custom code. I have reset to defaults and clicked ‘Save’ but still get 404. When I get back in the change has been made. If I change a single setting and then click save I get back to a 404. All of these are logged on my firewall as a 340148 ‘potential cross site scripting attack’.

If I remove the 349148 setting from the firewall the app works fine!

Self hosted. Following tweak of firewall have reactivated all my other modules and original theme, and USP is now working correctly.