Roar at us
Make it loud and proud - let us know exactly what we can do to help you!
Incorrect
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / #RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>
Correct
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase /~cpanelusername/ #RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /~cpanelusername/index.php [L] </IfModule>
Everything fixed right? Haha. It’s never that easy. I visit /wp-admin/ and hey, it’s my familiar and juicy pal, 403 Permission Denied, still locking down that ever useful admin area.
All right so, it’s got to be plugins causing this. If it’s not .htaccess, it’s always plugins. I pop into cPanel’s file manager, create a new directory inside of /wp-content/plugins/ called ‘!Disabled’ and drag all of the plugin folders in there. Refresh the /wp-admin/ part of the website. Can I crack open the melon yet? Nope, 403: Permission Denied.
I start digging into the error_log, a file in WordPress’ public_html directory that often tells you when things fail. But there are no entries dated the same day… the mystery deepens. Where do you even go next to figure this sort of thing out?
When it’s beyond the end user
This is probably where things stop for anyone with limited access to their website. Things are about to get mildly server admin-y.
So, the cause for this particular problem could be found in /usr/local/apache/logs/error_log – a real pain in the tail for your average end user to find.
An easier way than diving into connecting to a scary monochrome terminal is to hop into WHM (usually found at http://yourserverhostname:2087 or http://123.456.789.10:2087/ with your web host’s provided IP address) and find ConfigServer Security & Firewall (CSF) using the search function. You’re very much forgiven if things sound complex at this point.
If CSF is installed, you’re in luck. It has a wonderful ‘Watch System Logs’ feature, which lets you see what errors are cropping up in real time.
So I went with the first log because the most important errors will show up in here. It was ModSecurity. We’re deep in now aren’t we. I won’t go into details but suffice to say, when this happens the quickest fix is to disable the rule. This can be done by finding the ID listed in the error, which looks like this, with a much less fakey number: [id “1234500”]
This ID can then be searched for via ModSecurity Tools -> Rules List. Hitting ‘Disable’ will stop the offending rule from running. Of course ModSecurity is important protection, so always consider debugging further rather than disabling too many rules. It would be great to find the unique combination of theme, plugins and user action that caused the rule to be triggered right away, but we live in a fast paced world, don’t we?
That level of investigation’s getting into testing server territory, which is thoroughly in the web hosting space – something we handle in the background for our clients. WordPress does encounter false positives with ModSecurity sometimes, so you’d be forgiven for disabling a few rules over time.
Anyway, having disabled the rule I found the 403: Forbidden Fruit, and ate it. Ben’s in good hands with this sort of thing, and you should be too.
If you find yourself stuck with cPanel and no WHM access and you tried the initial steps, have a chat to your web host. They’ll fix it for you. And on the off chance they can’t, or if you have any quirky issues of your own like this, have a chat to us. We’ll host your website and deal with issues like this with a snap of our claws.
bringing you the best, without all the overheads
real agency and industry history behind our staff
talk directly to our head expert, no waiting or receptionists
we’ll think outside the box to reach your hosting dreams
we keep a watchful eye on our tickets and get back to you fast
excellent, industry standard web hosting
individual accounts in WHM, done smart
a budget-friendlier cPanel alternative
Own a business in Perth? Need web hosting? Perth is where you should look for it, and Scriptylion is based here – offering Australian servers….
So you know all about SSL. You need it for your website, because if you don’t have it, Chrome is going to show an error…
If email were a kitten, he’d be slacking and scratching stuff instead of doing what he’s told. Email is such a long standing tradition that…
Make it loud and proud - let us know exactly what we can do to help you!