Nội dung
Processing 403 error when entering WordPress admin (Forbidden) with 5 steps.
I. Overview
Welcome back to the AZDIGI documentation channel. In today’s article, I will guide you on how to check and troubleshoot the 403 Forbidden error when accessing the WordPress admin on cPanel hosting at AZDIGI. 403 Forbidden error, you can understand that you are blocked from accessing that page. The reason why it is blocked and how to solve it, AZDIGI will guide you in today’s article.
II. Steps to fix 403 error when accessing WordPress admin
Step 1: Disable ModSecurity
ModSecurity is also a cause of this. ModSecurity is a typical firewall application. When a request is sent, ModSecurity will parse that request into the Request header, Request body components. Any field in each section that violates the established rules will depend on the configurator that has the corresponding response.
Usually, ModSecurity will be enabled on your Hosting, but in some cases, you manipulate your website (manipulate too fast or for other reasons), causing Hosting to mistake you as the person trying to invade. So if you go to Hosting, this feature will block your access, you usually get a 403 error in this case.
You log in to cPanel => ModSecurity and select the corresponding domain and turn it off.
After disabling ModSecurity, please try to access the website to see if it works or not, if not, continue with step 2 as follows:
Step 2: Check the configuration file .htaccess
What is .htaccess? The file .htaccess (hypertext access) is located in the root directory of the hosting and is managed and authorized by apache. The .htaccess file can control, configure many things with a variety of parameters, it can change the default setting values of the webserver…
If in the .htaccess file you set up rules to block execution or access, it will lead to a 403 error when accessing the website or being an admin of the web. Go to cPanel and open this file.
Since this is a hidden file, you need to show the hidden file as follows:
After opening the file, copy the content of the .htaccess file as follows and paste it in.
# BEGIN WordPress
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
Now try to access it and see if there is still a 403 error. If not, you can confirm the error from the .htaccess file. If the error still appears, continue with Step 3.
Step 3: Disable Security Plugins
For some security Plugins you install on your website when you do not follow the plugin’s rules, the plugin will work and block your access to the website. Below are examples of some common security plugins:
- Wordfence Security
- iTheme Security
- Sucuri Security
- All In One WP Security and Firewall
Go to your hosting and navigate the Plugins folder wp-content/plugin. Here, you will see all installed plugins. For example, I have iTheme Security installed and I will disable it by renaming or re-decentralizing from 0755 to 0000 or removing this plugin.
Now try to access it and see if there is still a 403 error. If the error still appears, you continue to do it in Step 4 because this is a way to help you check each problem so that you can eliminate it.
Step 4: Check the wp-admin folder
When you access the admin page, the wp-admin folder will manage this page. Therefore, go to the wp-admin folder and check if there is a .htaccess file, if so, please open the file and read the content first.
My case is that in wp-admin there is a .htaccess file with the content deny from all *.php, which means it will disable all when accessing .php files. This is the first cause I can identify and I will delete this .htaccess file.
Step 5: Check for Malware
Malware is also the most common cause of this condition. As the image below, you will easily recognize the files are not in the structure of WordPress and the virus has created the files and inserted malicious code causing this error.
The basic reason why the website is infected with malicious code:
- In the process of using, you upload data, if the data on your personal computer is infected with a virus when you upload it, it will bring the virus to the hosting.
- Password management information is set at a simple level, not difficult enough, easy for hackers to exploit, some websites set passwords as follows (123456, 12345678, 12345678a), which is very dangerous for the website.
- Don’t update WordPress versions, Plugins and Themes to new versions, old versions have many vulnerabilities and are vulnerable to exploits.
- Using a paid Theme, Plugin but sharing for free is easy to install malicious code.
- Failure to comply with security guidelines, using website/hosting.
- Don’t regularly scan the website with tools and plugins to scan for malicious code.
- Website operating on the internet will be at risk every day, every hour because there will be hackers, auto bots find holes to exploit and insert malicious codes, so the website needs to be checked for updates and maintained regularly. (You can see companies and businesses always have IT to do this review)
See more:
- Guide to handling malware on WordPress website using plugin
- Secure WordPress website with Wordfence plugin
For AZDIGI hosting, you can go to imunify 360 => Hosting to see the malware-infected files detected by the software.
For hosting servers using cPGuard application, you can access cpguard => Virus Scanner => > to review scan logs.
Once you have identified the cause, you can promptly fix your website to ensure data security.
If you have completed all 5 methods but still cannot resolve the Forbidden 403 error, please submit a ticket to the Technical Department for technical support.
III. Summary
So AZDIGI has just completed the guide to handling the 403 Forbidden error when accessing WordPress admin. Hopefully, this article can help you solve your doubts as well as fix this error. Wishing you success!
