• Resolved jeffThevenot

    (@jeffthevenot)


    Hello,

    I’m the webmaster of 3 websites, and when I ask to reset a user password via email, after entering (or not entering) a new password, I get Error
    403, with the URL:
    /wp-login.php?action=resetpass&key=djIJnfdQxjpwfjjymg5U&login=loginname

    And I’m not alone in this case.
    My websites are very fresh and different, but I get the same result on all 3.

    Thank you in advance for your help.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator t-p

    (@t-p)

    403 error = forbidden site/page.

    WordPress doesn’t have that kind of setting out of the box, so it is probably something server related – something wrong with the permissions.

    CandleFOREX

    (@candleforex)

    Check your htaccess.

    Check two things:

    (1) Check your htaccess file and see if there are permissions set so that the /wp-admin/ folder is locked to an IP address, and if so, add your IP address to the allowed list like this (replace 123.123.123.123 with your IP):

    allow from 123.123.123.123

    Save your htaccess file and attempt to log in to your WordPress admin area at /wp-admin/wp-login.php

    (2) If the above didn’t work, go to “Password Protect Directories” in your cPanel and see if your wp-admin folder is password protected. If it is, then either disable the password protection, or set a new password and try again.

    Thread Starter jeffThevenot

    (@jeffthevenot)

    My htaccess is basic:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    and wp-login.php is not in a folder.

    And in fact, when I change the URL to /wp-login.php without the variables (?action=resetpass&key=djIJnfdQxjpwfjjymg5U&login=loginname), it works. So I can access /wp-login.php, no?

    If the variables are bad, for example action=dodododo, there is no check, just error 403.

    And this man has the same problem:
    http://vedovini.net/2013/05/how-to-change-your-wordpress-password-when-you-lost-all-hopes/

    I contacted my host and they have the same problem on a blank install.

    Thread Starter jeffThevenot

    (@jeffthevenot)

    Hello,

    Thank you for your help.
    I spoke with my host.
    Here are the results of our research:

    “We are currently facing several waves of brute-forcing against the
    Joomla and WordPress administration interfaces. Following this, we implemented a
    system to eliminate this kind of attack. The rules established
    were obviously too strict and prevented access to certain pages.
    They have just been adapted this morning … “

    Since then, the 403 error is gone and the password change is operational again.

    It is therefore necessary to contact your host and ask them to look at it closely.

    Yes, WordPress was not involved.

    Hoping this will help others.

    Sincerely,
    Jeff

    CandleFOREX

    (@candleforex)

    Hi Jeff,

    Yeah, that makes perfect sense.
    Seems your host was just taking care of security.

    If they have fixed it now, and the change password is working for you, I suggest changing the password and just continue on running your blog.

    If your username is admin or administrator, I suggest making a new account with a different username and a strong password, then disable the user who has the username of admin.

    Moderator t-p

    (@t-p)

    Glad you got it sorted with your host. 🙂

The topic ‘Error 403 just after changed password – wp-login.php’ is closed to new replies.
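
Added example, not part of any post in this thread: the pattern the thread starter describes (the bare /wp-login.php loads, but the same path with certain `action` values always returns 403) can be confirmed from an access log before contacting the host, since it points to a filter in front of WordPress rather than to WordPress or the .htaccess shown. The log lines, the key value and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2013:09:01:10 +0200] "GET /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2013:09:01:30 +0200] "GET /wp-login.php?action=resetpass&key=EXAMPLEKEY&login=loginname HTTP/1.1" 403 210 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2013:09:01:52 +0200] "POST /wp-login.php?action=resetpass&key=EXAMPLEKEY&login=loginname HTTP/1.1" 403 210 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2013:09:02:05 +0200] "GET /wp-login.php?action=dodododo HTTP/1.1" 403 210 "-" "Mozilla/5.0"
198.51.100.4 - - [12/May/2013:09:03:00 +0200] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 1980 "-" "Mozilla/5.0"
198.51.100.4 - - [12/May/2013:09:03:40 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Request line and status code of a combined-format log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')


def login_status_by_action(log_text):
    """Map each wp-login.php 'action' value ('' when absent) to the statuses seen."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m.group("target"))
        if url.path != "/wp-login.php":
            continue
        action = parse_qs(url.query).get("action", [""])[0]
        seen[action].add(int(m.group("status")))
    return dict(seen)


def blocked_actions(log_text):
    """Actions that only ever return 403 while the bare login page is served."""
    seen = login_status_by_action(log_text)
    if 200 not in seen.get("", set()):
        return []  # the bare page is not reachable either: a different problem
    return sorted(a for a, codes in seen.items() if a and codes == {403})


if __name__ == "__main__":
    for action in blocked_actions(SAMPLE_LOG):
        print(f"action={action}: always 403 while /wp-login.php returns 200")
```

If the 403 responses never appear in the site's own access log at all, the request is being rejected before it reaches the virtual host, which is again something only the hosting provider can adjust.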