Plugin Author
AITpro
(@aitpro)
I don’t think mod_security is the cause of the problem, but of course it could be.
Do these general troubleshooting tests
Try putting BPS in Default Mode and test.
Try deleting the wp-admin .htaccess file and test.
Also post any errors that are related to saving a draft or publishing a post from the BPS Security Log.
Since you have Better WP Security installed you will also need to troubleshoot that plugin.
Plugin Author
AITpro
(@aitpro)
Plugin Author
AITpro
(@aitpro)
Did this answer your question? If so, please resolve this thread. If not, please post a status update.
Plugin Author
AITpro
(@aitpro)
Did this answer your question? If so, please resolve this thread. If not, please post a status update.
Plugin Author
AITpro
(@aitpro)
Another possibility is that this is a non-WordPress call to post.php. ie a plugin or theme is simulating an RFI hacking attempt against your website in the way that the plugin or theme code is calling post.php. For these cases see the Forum link below for the solution.
http://forum.ait-pro.com/forums/topic/excessive-403-errors-from-my-own-login-why/#post-6812
Plugin Author
AITpro
(@aitpro)
Did this answer your question? If so, please resolve this thread. If not, please post a status update.
Plugin Author
AITpro
(@aitpro)
Resolving. Thread appears to be abandoned.
Thread Starter
Zaek
(@zaek)
So sorry, I honestly dont recall how I fixed it. I only get the 403 error now when I try to use “embedly” plugin. I read that it could be a problem with -cloudflare-. Not sure if cloudflare is problematic here or not.
Plugin Author
AITpro
(@aitpro)
Post the error related to this plugin from your BPS Security Log file. Probably just need to add a skip/bypass rule to take care of that issue.
Thread Starter
Zaek
(@zaek)
This is what I got:
One site gets past the preview, but does this when I try to save or publish:
>>>>>>>>>>> 403 GET or Other Request Error Logged – November 9, 2013 – 11:41 pm <<<<<<<<<<<
REMOTE_ADDR:
Host Name:
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://website/wp-admin/post.php?post=12&action=edit
REQUEST_URI: /wp-admin/post.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
AND the other site wont preview the url with the embedly plugin, so cant even embed it into post to try and save/publish. That site does not leave an error in the log file.
Video demo of what happens shown here:
http://www.youtube.com/watch?v=QpQ05EEBddc
Plugin Author
AITpro
(@aitpro)
Add this skip/bypass rule below to this BPS wp-admin Custom Code text box: CUSTOM CODE WPADMIN PLUGIN FIXES: Add ONLY WPADMIN personal plugin fixes code here
# post.php skip/bypass rule
RewriteCond %{REQUEST_URI} (post\.php) [NC]
RewriteRule . - [S=2]
Click the Save wp-admin Custom Code button.
Go to the Security Modes page and activate wp-admin BulletProof Mode again. You do not need to activate Root folder BulletProof Mode again.
