Support » Plugin: BulletProof Security » Log out fails with 403 Forbidden Error Page

  • Resolved Carlo Rizzante


    Hello again,
    and thanks for a great plugin. Apparently it also sped up the whole network.

    However, I have an other issue with it. I cannot log out (I tried Chrome 29.0.1547.76 and Firefox 23.0.1). When I try to logout I receive an error as below: 403 Forbidden Error Page
    If you arrived here due to a search or clicking on a link click your Browser's back button to return to the previous page. Thank you

    I presume it is due to the .htaccess file, but I am clueless of where exactly is the problem.

    On that network I employed the .htaccess for one unique Admin who can login, as taken from

    Any idea of the reason why this happens?

    Thanks in advance 🙂

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author AITpro


    I assume you used the IP based Login Protection? If so, then the IP address you are allowing is not the actual IP address in the .htaccess file code. This could be because you are using 4 octets of your IP address instead of 3 or 2. Your ISP will change your IP address regularly and frequently, but your first 3 or 2 octets of your IP address may or may not be consistently the same. You can only use IP based Login Protection if 3 or 2 of your IP address octects are always consistently the same.

    If you are using Cloud/CloudFlare services then see the help section in the forum link above that you posted regarding Cloud IP based code.

    If using CloudFlare for the site, which I can’t tell here, then you want to make sure you have something to restore original visitor IP. If not, our IPs are going to show and this would impact IP restriction based on login.

    Plugin Author AITpro


    @damoncloudflare – BPS will have additional System Info checks to help users with this. I have researched how CloudFlare does what it does and in the next BPS version release the System Info page will display the correct IP address based on a series of checks (VERY, VERY Sanitized checks):


    BPS does not change or interfere with whatever the actual correct IP address is going to be that is needed. The IP Based code is very simple and only handles basic allow or deny conditions based on the IP address that the user adds to the .htaccess code. So the logic is get the end user the correct IP address that they need on the System Info page so that they can add that IP address in the .htaccess code.

    Plugin Author AITpro


    Also the particular code that Carlo is referring to is Bonus Code and is Not standard BPS .htaccess code. At some point it will be added as an additional option, but at this point the users have to manually add the code and add their correct IP addresses.

    Plugin Author AITpro


    When it is added as an optional feature then the correct IP address or addresses will be auto-populated for the end user.

    Plugin Author AITpro


    @damoncloudflare – I read somewhere else on the CloudFlare site that HTTP_CF_CONNECTING_IP will be the same as HTTP_X_FORWARDED_FOR. Is that correct? Posting this code below just as a reference for myself.

    if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
    Plugin Author AITpro


    Or would it be better to add an additional check for HTTP_CF_CONNECTING_IP instead of assuming that HTTP_X_FORWARDED_FOR will be the correct CloudFlare IP?

    Plugin Author AITpro


    Did this answer your question? If so, please resolve this thread. If not, please post a status update.

    Hello all, and thanks so much for your replies.

    I realize that I indeed did a silly mistake. I didn’t pay enough attention to the IP I was connecting to. I change location and of course the IP changed. I fixed that.

    Please allow me few minutes to read carefully the whole thread. I will set as resolved the whole pack shortly.

    Thanks again 🙂

    Great, you’re awesome.
    I close the thread, then 🙂

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Log out fails with 403 Forbidden Error Page’ is closed to new replies.