Hi @zahid88!
The problem on your website is caused by a firewall ( probably ModSecurity ) that blocks requests when they contain certain strings, more specifically “.profile”:
https://nextendweb.com/nextend-social-login-docs/google-403-and-404-errors/
With ModSecurity this is actually a very common problem, as they have this string on their black list, however one of the scopes that Google uses:
https://www.googleapis.com/auth/userinfo.profile
also contains that “.profile” string, which means the OAuth requests of Google will be blocked.
You can actually reproduce this problem easily, even without Nextend Social Login. You just need to open the /wp-login.php page with the .profile string appearing in a GET parameter’s value:
The page will be blocked and will return a (403) forbidden error. But if you make it no longer contain the blacklisted “.profile” string, e.g. you remove the last “e” character:
that will load the /wp-login.php page just fine.
So to fix the problem, you should get in touch with your host and ask them to disable the rule that causes the problem. They have an error log that contains all kinds of error messages, including the ones triggered by the firewall. And that should contain the rule ID that causes this error. Once that rule is removed, the problem will no longer occur.
