403 Error when accessing Admin panel

  • Resolved gosilver01

    (@gosilver01)


    10 months ago

    Hi,

    I recently set up a Cloudflare SSL certificate for my website. However, after trying to log in to the Admin panel, I encountered a “404 Not Found” error.

    To regain access, I temporarily disabled the AIOS plugin on the server by changing the folder name, which allowed me to log in again.

    Afterward, I disabled the “Rename login page” feature in the “Brute Force > Rename login page settings” of the AIOS plugin and updated it to version 5.3.

    However, upon attempting to log in again, I encountered a “403 Forbidden” error. Despite disabling the AIOS plugin on the server, and unchecking both the “Bad Query, Advanced character string filter” and “Whitelist” options, the issue persists.

    I would appreciate any guidance on resolving this 403 error so that I can regain access to the Admin panel without having to disable the AIOS plugin on the server.

    Thank you.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @gosilver01

    can you please add below constant in wp-config.php to cross check it if is due to AIOS Firewall settings or any issue?

    define( 'AIOS_NO_FIREWALL', true);

    Also, make sure you have Cloudflare SSL type Full not flexible making any issue.

    Regards

    Thread Starter gosilver01

    (@gosilver01)

    I don’t have permission to access to the wp-config.php file.

    Should I delete AIOS and install again?

    Thread Starter gosilver01

    (@gosilver01)

    What is the Advanced Settings > Allow List in the Firewall tab?

    Can I enter my IP?

    I also find 2 whitelist in AIOS, one is in the Brute Force and the other is in the User Security.

    What are the differences? Should I enter the same IP list in both page?

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @gosilver01

    If Firewall rules is making issue to whole site you can add our IP address ( if it is static ) to Advanced Settings > Allow List.

    Bruteforce > Login whilte list will allow you to add IP adress and login page willl be accessible from that IP address, IF you have static IP to secure login page you should enable it.

    User security > Login lockout tab – whitelisted IPs will not be locked out if invalid login attempts are there from that IP visitor.

    Thread Starter gosilver01

    (@gosilver01)

    Anyway, I added my static IP address to above 3 places and I went to Settings > Advanced settings and then changed to “HTTP_CF_CONNECTION_IP.” (<-is this ok?)

    Then, I entered url like “my domain name/wp-admin” but I 403.

    I went to the Brute Force > 404 detection. I can see my IP6 there. but “Attempted URL” field says that “/wp-content/plugins/elementor/assets/lib/swiper/v8/swiper-bundle.min.js.map”.

    Is this info helpful to you?

    There are also other many IP addresses try to use my deleted “Rename Login page.”

    What else I can try to solve 403 error?

    Thread Starter gosilver01

    (@gosilver01)

    Can anyone advise me?

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @gosilver01

    HTTP_CF_CONNECTION_IP is generally used if you have cloudfalre used you can cross check if it is matching with https://whatismyipaddress.com/ then it is ok.

    https://snipboard.io/1kOhfE.jpg

    If you have WP security > Brute force > Login white list on then also it may show the 403 error.

    add below constant in wp-config.php and you may add WP File manager plugin to access wp-config.php in the root of WordPress instealled. 

    define( 'AIOS_DISABLE_LOGIN_WHITELIST', true );

    Regards

    Thread Starter gosilver01

    (@gosilver01)

    There are 3 places for whitelist.

    Firewall tab > Advanced Settings > Allow List

    User security > Login lockout tab

    Brute force > Login whilte list

    Is it ok to disable only “WP security > Brute force > Login white list”?

    Will disabling it achieve the same result as the code (for wp-config) you provided above?

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @gosilver01

    Yes as you have 403 error for the admin area, which is generally due to login whitelist. you can disable only “WP security > Brute force > Login white list” and check

    If it is due to Firewall all site pages will show 403 error. and login lockout will redirect to 127.0.0.1

    Regards

    Thread Starter gosilver01

    (@gosilver01)

    Thanks!

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘403 Error when accessing Admin panel’ is closed to new replies.