Wordpress wp-admin stopped being accessible - "Forbidden You don't have permission to access this resource."
I have a WordPress instance that was working fine, and for the public it still does, but for some reason when I go to /wp-admin now, I get
Forbidden
You don't have permission to access this resource.
Not sure how/if permissions got changed but do you know what permissions should be on files and directories here?
It's on Ubuntu latest LTS with VirtualMin hosting panel.
Thank you!
Forbidden
You don't have permission to access this resource.
Not sure how/if permissions got changed but do you know what permissions should be on files and directories here?
It's on Ubuntu latest LTS with VirtualMin hosting panel.
Thank you!
Paul Sauvé
you may have changed a password - contact your Web Hosting Service, they should be able to help
It sounds like you're getting an HTTP error 403, which generally means the file or folder permissions aren't adequate for the URL to be displayed. Looking at one of my standard WordPress installations, the wp-admin folder (and typically all other folders in a WordPress install) of your WordPress by default should have 755 permissions, and files should have 644 permissions, except for wp-config.php, which typically has 600 permissions. Does that help?
An htaccess file can also deny permission, which can sometimes be linked to a feature of a WordPress plugin .
Provide the info...
1) Your site URL.
2) If index.php + wp-config.php are both clean or have an include to a .ico file near the top of the file.
3) If you changed anything on your site or just out of the blue this problem began occurring.
Knowing these answers gives good clues as to the next step.
1) Your site URL.
2) If index.php + wp-config.php are both clean or have an include to a .ico file near the top of the file.
3) If you changed anything on your site or just out of the blue this problem began occurring.
Knowing these answers gives good clues as to the next step.
ASKER
1) https://www.ismrgv.org
2) index.php + wp-config.php seem both clean
3) It just seemed like it happened out of the blue when this problem began occurring.
2) index.php + wp-config.php seem both clean
3) It just seemed like it happened out of the blue when this problem began occurring.
Aside: Okay... here's at least one problem... maybe related, likely unrelated, best fixed now...
The ZeroSSL issuance chain is either broken or unsupported in some browsers.
The SSL Labs tester understands the chain.
Latest version of curl doesn't, which suggest something is wrong with the chain.
Fix: Replace your ZeroSSL cert with a free https://LetsEncrypt.org cert to ensure all browsers see site, as you expect it to be seen.
The ZeroSSL issuance chain is either broken or unsupported in some browsers.
The SSL Labs tester understands the chain.
Latest version of curl doesn't, which suggest something is wrong with the chain.
Fix: Replace your ZeroSSL cert with a free https://LetsEncrypt.org cert to ensure all browsers see site, as you expect it to be seen.
https://www.ismrgv.org - renders correctly for me. No 403 error.
Both wp-admin + wp-login.php return a 403, as you're seeing.
Since both these files are PHP files, rather than physical filesystem entities, this is almost surely a hack of some sort... so long as nothing else has changed...
So first mention if anything has changed on the site, no matter how seemingly insignificant.
Also attach copies of your wp-login.php file + .htaccess file + the output of...
Both wp-admin + wp-login.php return a 403, as you're seeing.
Since both these files are PHP files, rather than physical filesystem entities, this is almost surely a hack of some sort... so long as nothing else has changed...
So first mention if anything has changed on the site, no matter how seemingly insignificant.
Also attach copies of your wp-login.php file + .htaccess file + the output of...
find /site-install-directory -lsASKER
wp-login.php file + .htaccess file + the output of... find /site-install-directory -ls
Thanks David, sorry so late... out of town for work...
Attached I've zipped all 3 of these items into one package. Had to add a file extension to the htaccess file otherwise EE wouldn't take it.
You're right, definitely hacked! Thanks for your help!EE_ismrgv.zip
Thanks David, sorry so late... out of town for work...
Attached I've zipped all 3 of these items into one package. Had to add a file extension to the htaccess file otherwise EE wouldn't take it.
You're right, definitely hacked! Thanks for your help!EE_ismrgv.zip
1) wp-login.php seems clean (no hacks)
2) .htaccess seems correct
3) All dir/file permissions + ownership seems correct
Likely next step is for you or whoever does your tech to ssh into your machine + work this at the command line level, looking at log files + running process uid/gid (like Apache + FPM PHP).
Said another way, this problem seems to be outside WordPress.
I say "seems" because ssh access is required to determine this for sure.
2) .htaccess seems correct
3) All dir/file permissions + ownership seems correct
Likely next step is for you or whoever does your tech to ssh into your machine + work this at the command line level, looking at log files + running process uid/gid (like Apache + FPM PHP).
Said another way, this problem seems to be outside WordPress.
I say "seems" because ssh access is required to determine this for sure.
ASKER
Got it. And I do the tech, but day job is 99% in the Identity and Access Management arena and I'm just helping friends out with website stuff on the side.
I'll start looking thru logs etc.
Thank you so much!
I'll start looking thru logs etc.
Thank you so much!
Helping friends with tech... can easily... go sideways...
Best to have your friend post their own question on EE or have them hire someone to help them.
This type of problem is trivial to fix for someone who works on sites all day, every day...
Complex to fix trying to have a non-techie (your friend sounds non-techie) try to fix this by way of multi party advice (EE -> you -> friend).
Best to have your friend post their own question on EE or have them hire someone to help them.
This type of problem is trivial to fix for someone who works on sites all day, every day...
Complex to fix trying to have a non-techie (your friend sounds non-techie) try to fix this by way of multi party advice (EE -> you -> friend).
ASKER
I get it. But you're right she's non-tech but a close friend. She would have no idea what to post on EE.
Likely best if she hires someone to fix this for her.
As mentioned above, likely a trivial fix for someone who does this type of work all day, every day.
There's really no way to "crystal ball" or "divine" for a solution to this type of problem.
What's required is step-by-step debugging, starting with whatever she (or someone) has changed on her site... because...
Software rarely just stops working. There's almost always some human action triggering problems.
As mentioned above, likely a trivial fix for someone who does this type of work all day, every day.
There's really no way to "crystal ball" or "divine" for a solution to this type of problem.
What's required is step-by-step debugging, starting with whatever she (or someone) has changed on her site... because...
Software rarely just stops working. There's almost always some human action triggering problems.
ASKER
Are you for hire David?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.