wp_version_check(), loopback 403 errors on new install

  • Resolved tamramc

    (@tamramc)


    4 years, 10 months ago

    I wiped out database, wiped out wordpress, installed brand new installation for testing trying to figure out these two errors. right now there are ZERO plugins installed and errors are still occurring. I checked file permissions, .htaccess has just standard WordPress info. This problem only began with Site Health addition, and other functionality was working fine (scheduling, saving/bookmarking).

    what prompted the wipe out/reinstall: SiteHealth is reporting failures for something that’s not even scheduled — email digest, which has been disabled for over 2-years, nothing scheduled.

    1. A plugin has prevented updates by disabling wp_version_check()

    2. Loopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability.

    The loopback request returned an unexpected http status code, 403, it was not possible to determine if this will prevent features from working as expected.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter tamramc

    (@tamramc)

    UNBELIEVABLE! problem solved, it was ONE wrong line in .htaccess file, incorrectly formatted, never updated. FIXED. it was specifically related to <Limit GET HEAD POST> transferred from old installation. Once line removed, all was fine.

    Thread Starter tamramc

    (@tamramc)

    What fixed problem — but check your server for correct Apache name containers: <Limit> is 2.2, <Require> is 2.4

    // works //
    <Files .htaccess>
    Require all denied
    </Files>

    Require ip xxx.xxx.xxx.xxx
    Require ip xxx.xxx.xxx.xxx # if any other ip/CIDR or an entire range
    Require local # THIS is the most important thing — WordPress PLUGIN needs to not be blocked

    ErrorDocument 400 /file
    ErrorDocument 401 /file
    ErrorDocument 403 /file
    ErrorDocument 413 /file
    ErrorDocument 404 /file
    ErrorDocument 500 /file

    /// end works /// AND I LOVE THIS, SO MUCH EASIER, and simple with same security.

    This results in 403 error for unauthorized access. And after this site health actually reported GOOD JOB! with 0 issues found. What existed before (below) resulted consistently in wp_version_check() and loopback failures, including on FRESH install w/ zero 3rd party plugins, just WordPress and server.

    <Files .htaccess>
    order deny,allow
    deny from all
    </Files>

    <Limit GET POST> # now deprecated, may cause server errors. Require is the new Limit — see link below
    order deny,allow
    allow from xxx.xxx.xxx.xxx
    allow from localhost # THIS didn’t satisfy WordPress, because see link below
    # allow from xxx.xxx.xxx.xxx/xx
    deny from all
    </Limit>

    <Limit PUT DELETE>
    order allow,deny
    deny from all
    # allow localhost here could fix the problem on some servers, but find out your server version software and see link below if 2.4 as ours is.
    </Limit>

    https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany

    So, what WordPress developers need to do, hardcode comment for require localhost or info to allow calls from host to update as needed. Because of so many brute force login hackers, most all wp-admin directories are password protected and include a variety of security options. But w/o “Require local” some functionality will fail: scheduling and other tasks.

    • This reply was modified 4 years, 10 months ago by tamramc.

    I’m just facing the same issue. Would you please elaborate the process how you solved your issue?

    Thread Starter tamramc

    (@tamramc)

    No problem: but I don’t know if you’re using Apache’s latest version 2.4 vs older version.

    If you have block options set w/in .htaccess file, you’ll need to change permissions so that authorized admin options aren’t blocked.

    but what worked for me, which generated in “Great Job!” success from Tools – Site Health

    <Files .htaccess>
    Require all denied
    </Files>

    Require all denied
    Require ip xxx.xxx.xxx.xxx <<– note this is your ip address and this repeat line for IPs required
    Require local

    ErrorDocument 400 /error_document_location
    ErrorDocument 401 /error_document_location
    ErrorDocument 403 /error_document_location
    ErrorDocument 413 /error_document_location
    ErrorDocument 404 /error_document_location
    ErrorDocument 500 /error_document_location

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘wp_version_check(), loopback 403 errors on new install’ is closed to new replies.