Are you getting a REAL 403 error from the server or the WordPress message “you do not have sufficient permissions to access this…”?
Look in the WordPress root for a file called error_log. If you find the file, it will contain errors based on date an time. Look at the most recent errors and post the complete error message here. Don’t post duplicates and use pastebin if the errors are overly long.
I am having this problem also. I have the latest WP and this was a fresh install into /wp directory. I have never had this problem with any other sites, all using the same host. I do have this site on network admin, unlike other sites.
My 403 error is server-generated, not WP, but my host cannot locate the problem and says that the discussion settings work for them.
This is the message:
403 Forbidden
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Any help would be much appreciated.
I checked and it is a 403 in the http header. I found the error_log in wpadmin folder and it doesn’t have any 403, and no errors since April. Those errors were exceeding memory limitations from a plugin, so I don’t think it’s related. I’ve sent a note to my hosting provider to see if there are error logs elsewhere.
Any ideas on how to address this?
I discovered that ALL the WP sites I administer, which are on this same host, now have this problem, although they were fine on the install. One site had WP installed just two weeks ago, and the discussion settings worked fine then.
The host has no solution except to remove the security that protects the sites from malicious attacks.
Could Akismet be the problem, since it does monitor comments? All my sites are using it. However, it is not currently activated on one site, because I removed the multi-site option and had to manually re-activate all the plug-ins. The 403 error is still there. I will try deactivating it on the other sites.
There are php error logs on the server. Hopefully your host will give us something to look for.
You should also see 403 errors in your cPanel error log. In a normal cPanel the Error Log is located in the Logs section.
Have a look at the permissions for wp-config.php, wp-admin and various folders and files in wp-admin. Files are probably 0644 and folders 0755 on most servers.
My hosting provider resolved it by disabling Mod security in apache. Does that open me up to problems and it should really be on, but there’s a way to resolve the issues in admin?
The short answer is yes. I’m surprised it was ModSec related because of the 403 not a 406 error.
ModSec can be controlled by htaccess and only affect various pages or files. Here is a discussion you might want to share with you host: https://wordpress.org/support/topic/wordpress-wont-save-this-sentence-wtf?replies=4. With their access to the php error log, maybe they can just turn off ModSec to the offending file or files without you loosing all the scripting protection ModSec provides.
My host offered to disable the ModSec too, and I declined. They seem sure that this is the cause of the 403 error.
There are no errors showing in the cPanel error log.
Which files would have to be have ModSec turned off in order for the discussion settings to work?
All my WP files seem to have 0644 permission, except for config, which is 0600.
Hi again,
The problem on my site has been resolved. I deactivated Akismet, an anti-spam plug-in that addresses spam via the Discussion settings, and no longer get the 403 message. When I re-activated it, the Discussion settings still worked.
I can’t say for sure that this was the problem, but it seems likely, since no other changes were made to the plug-ins, except updates.
I found that the mod-security is triggering because these pages have a content something like “blacklist_keys”. (Its a false detection)
The fix is to replace this word with some other words like “simple_keys” in the given below files.
wordpress directory/wp-admin/includes/schema.php
wordpress directory/wp-admin/options-discussion.php
wordpress directory/wp-admin/options.php
or remove the lines which are having “blacklist_keys” in these two files.
wordpress directory/wp-admin/includes/schema.php
wordpress directory/wp-admin/options-discussion.php
then remove only the “blacklist_keys” from the file.
wordpress directory/wp-admin/options.php
