You don’t have permission to access /wp-admin/themes.php on this server

  • Some background:

    I setup six blogs this week, all using WordPress 2.92, installed with Fantastico on a baby croc plan with Hostgator.

    I used the same theme (heatmap 2.5.4) and plugins for each blog.

    They were all up and running, no issues at all.

    I go to create a new blog this morning, using the same setup, and when I try to change the theme settings, I get the following error:

    Forbidden

    You don’t have permission to access /wp-admin/themes.php on this server.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
    Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8n DAV/2 mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at https://www.mydomain.com Port 80

    I tried uninstalling WP and doing a clean install, still the same issue with a clean installation.

    So I went back and checked the six other blogs that I had setup over the last week or so, and they are also now giving me 403 or 404 errors when trying to change theme settings, and everytime there’s an error it points to either themes.php or functions.php

    At this point I’m at my wits end trying to figure out what the problem is. Hostgator support looked at it and thought maybe it was a permissions issue but they reset those and I’m still having the problem.

    At first I thought the problem might have been related to a plugin I recently installed on the previous six blogs that morning (ByREV Fix Missed Shedule Plugin) to deal with a missed schedule bug with WP 2.92, and that maybe that had mucked things up. But then I checked a blog I built months ago, also using the same theme and plugins, and now it too is also encountering the same problem.

    Any ideas? I tried deleting my htaccess, uploading a blank one, uploading one with this snippet I found on the hostgator forum:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    Nothing has worked. I still get 403 or 404 errors everytime. Everything was working perfectly yesterday so I know this setup DOES WORK, I’ve just mucked something up somewhere and I’m clueless what it is. Any help would be greatly appreciated!

Viewing 7 replies - 1 through 7 (of 7 total)

  • I just encountered this same problem today with blog software I use from Pro Photo Blogs (by Netrivet) and I’m also hosting with Host Gator. I bet they’ve goofed something up.

    Thread Starter soltzer

    (@soltzer)

    I’m starting to think that’s the issue, but when I spoke to them they insisted it must be an issue with the theme, even though I setup a blog with that exact theme just yesterday with identical settings and it was working perfectly until today, as were other blogs using the same theme and now they are all mysteriously broken.

    Yeh I bet they broke something.

    (they just fixed mine claiming an error with the server they had to correct.)

    Thread Starter soltzer

    (@soltzer)

    Just to follow up, tech support at HostGator was able to track down the problem. If you’re getting those errors, just go to support and tell them:

    Just let them know you need the rule 340163 whitelisted for domain.com as its hitting a mod_sec rule.

    Apparently you will need to do have them do this for each domain you’re experiencing the issue on, but it works.

    I had this same problem and I contacted Hostgator support and they whitelisted the domain and that didnt work.

    But, then he checked the permissions of my theme and it was apparently set incorrectly. He corrected it and all is fine again.

    What actually may have happened – you like most broadband users are on dynamic DHCP ip address allocation which changes periodically after 1-3 days depending upon your ISP ‘ip lease period’ provided to you… your computer’s ip address on the internet CHANGES, and if your htaccess file within your wp-admin folder has allowed ‘permission’ only from certain ‘designated ip’ address(es) which now could be different than your just RECENTLY changed NEW dhcp dynamic IP address for your computer – bingo!!!… all your folders in your open ftp window go blank and your computer screen currently open to the WordPress dashboard all of the sudden broadcast error messages!

    This is exactly what happened to me while working in the opened WordPress dashboard doing some updates etc. My computer’s internet ip address changed while WordPress dashboard was open.

    So… first you check your current computer dhcp dynamic ip address (if you have a static ip address – then this is NOT the problem nor the following the fix) –
    https://what ismyip.com and then ftp in and check your htaccess file within your wp-admin folder for the ip address match.

    If the ip addresses do NOT match – update your htccess file with the current ip address you just acquired from whatismyip.com, save the NEW ip changes in your htaccess file and you should be good to go for the next 1-3 days etc.

    If you do NOT understand what this all means – by all means contact your web host and let them make the changes. Otherwise this is a 5-10 minute change depending upon how efficient you work, and it is a very small price to pay for the added security it provides from prying eyes or a webbot trying to unload malicious script or trying to hack your site and cost you much more grief and down time than the mere 5 minutes the above procedure takes.

    Google ‘WordPress security’ and learn to understand the NEW security measures taking place NOW – as the hackers are attacking WordPress fast and furiously, and unless you button down your WordPress site – it’s NOT if, but WHEN your WordPress site will be hacked and brought down… or even worse.

    It’s getting bad out there and the fun is lost fast from a serious hack – so backup your WordPress database NOW, as well as backup your clean hack-free wp-content folder, BEFORE disaster strikes !!!

    Happy secure WordPress blogging!!!

    [email protected] – if you need addt’l assistance with WordPress security and/or bringing back to life a hacked blog for a small fee.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘You don’t have permission to access /wp-admin/themes.php on this server’ is closed to new replies.