A classic 403 Forbidden error, but much more difficult

Question

I'm currently trapped outside my website and despite having access to FTP and changing the .htaccess rules (or deleting) it doesn't help.

The site is a WordPress Website, so I might need help in identifying corners in WordPress where other files might have been modified.

The problem started with a plugin wp-simple-firewall I have my post here (https://wordpress.org/support/topic/403-forbidden-forceoff-didnt-help?replies=1#post-7283293).

everything on the website is accessible, except everything on "wp-admin" folder everything in it (/wp-login.php works but when I get to places like [domain]/wp-admin/post.php etc. it goes to 403).

What I did at first was backup the htaccess file, and then deleted it. (No luck)

The next one, I deleted the plugin folder (No luck)

I then looked into the plugin's author suggestion to make a file "forceOff" on the plugin directory. (No Luck)

I tried all suggestions online to fix 403 lockouts and still no luck with any of them.

I'm actually suspecting that some sort of caching plugin is retaining some files that shouldn't be loaded and it's display 403 for me even though it shouldn't.

This is what the icwp_wpsf_firewall_options look like which pertains to the plugin in question under wp_options table of WordPress:

a:16:{s:13:"ips_blacklist";
a:0:{}s:21:"page_params_whitelist";
a:0:{}s:14:"block_response";
s:20:"redirect_die_message";
s:22:"current_plugin_version";
b:0;
s:15:"enable_firewall";
s:1:"Y";
s:21:"include_cookie_checks";
s:1:"N";
s:19:"block_dir_traversal";
s:1:"Y";
s:17:"block_sql_queries";
s:1:"Y";
s:21:"block_wordpress_terms";
s:1:"N";
s:22:"block_field_truncation";
s:1:"Y";
s:14:"block_php_code";
s:1:"N";
s:22:"block_exe_file_uploads";
s:1:"N";
s:20:"block_leading_schema";
s:1:"N";
s:16:"block_send_email";
s:1:"N";
s:16:"whitelist_admins";
s:1:"N";
s:21:"ignore_search_engines";
s:1:"N";}

This is the current .htaccess content:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Here are the Last Error Logs in cPanel. There are 300 errors but most of them look the same and all under the 8:00:00 hour. The time now is 12:00:00:

2015-08-11 08:34:18.108 [INFO] [###.###.3.163:42779] File not found [/home/***/public_html/403.shtml] 
2015-08-11 08:32:46.674 [INFO] [###.###.3.191:16694] File not found [/home/***/public_html/404.shtml] 
2015-08-11 08:32:46.674 [INFO] [###.###.3.191:16694] File not found [/home/***/public_html/architecture] 
2015-08-11 08:32:37.429 [INFO] [###.###.2.6:38407] File not found [/home/***/public_html/404.shtml] 
2015-08-11 08:32:37.429 [INFO] [###.###.2.6:38407] File not found [/home/***/public_html/perth-drafting-services/]

(directory info and IP withheld)

Note that the .htaccess file has been copied to both root directory (public_html) and public_html/wp-admin

It's very frustrating :(

Could this be a permissions issue if the plugin, upon install, changed the permissions of _wp-admin_? — ŽaMan, Aug 11 '15 at 02:24
The permissions on the folder wp-admin is still 644. Changing it to 777 still didn't solve it. Should it be different? — vm7488, Aug 11 '15 at 02:26
There is also a possibility that a previously uninstalled plugin, WordFence Security, is causing issues. But no, other than some left over database tables I don't think it shouldn't. Should it? — vm7488, Aug 11 '15 at 02:48
@vm7488 you could be on a blacklist table, you should check what tables are left over from the security plugin. — Jesse Kernaghan, Aug 11 '15 at 02:51
How do I do that? Where do I see this blacklist table? (note, I already edited and also deleted the htaccess file). — vm7488, Aug 11 '15 at 02:58
Sorry I took a while, your blacklist data might be stored in the mysql **table `wp_options`** with _`option_name`_ : `icwp_wpsf_firewall_options` and the _`option_value`_ looks to be a serialized `php` array. Inside the array is a key named `ips_blacklist` — ŽaMan, Aug 11 '15 at 03:10
I'll go try and look at that, and see what happens. Thanks a bunch. — vm7488, Aug 11 '15 at 04:03
I found the options and the array key... is it safe to delete this? — vm7488, Aug 11 '15 at 04:07
Okay, I changed some settings on the array, like the line "enable_firewall";s:1:"Y"; to "enable_firewall";s:1:"N"; The line looks like it's blank a:16:{s:13:"ips_blacklist";a:0:{}s:21: — vm7488, Aug 11 '15 at 04:12
This is what I have from a fresh install of the plugin on a fresh install of wordpress `a:5:{s:13:"ips_blacklist";s:0:"";s:21:"page_params_whitelist";s:0:"";s:14:"block_response";s:20:"redirect_die_message";s:22:"current_plugin_version";b:0;s:15:"enable_firewall";s:1:"N";}` — ŽaMan, Aug 11 '15 at 04:22
You write: "...make a file "forceOff" on the plugin directory". This should be the plugin's folder in the plugin directory: /wp-content/plugins/wp-simple-firewall/forceOff. — Axel, Aug 11 '15 at 04:22
That's what I did at first in my original question and it's still not working. (Quote me: "I then looked into the plugin's author suggestion to make a file "forceOff" on the plugin directory.") — vm7488, Aug 11 '15 at 04:29
Changing it to the value as if it was freshly installed didn't help :( some sort of problem with calling [public_html]/wp-admin is really doing those 403 errors. If not .htaccess...what else? — vm7488, Aug 11 '15 at 04:35
try this: 1) create a new folder called `wp-admin-copy` and `move` all contents of the `wp-admin` folder into the new folder. Add some text in a new `index.php` file (like ``) inside the now empty `wp-admin` folder and see if you still get `403`; also see if visiting `wp-admin-copy` causes a `403` — ŽaMan, Aug 11 '15 at 22:19
I will try that at non-peak hours of the website. I also noticed that an exact copy of the current database running on a staging server with DIFFERENT files—wp-admin works (the files are actually fresh wordpress install with same plugins from live). It's something in that whole public_html folder and likely the wp-admin folder could be the culprit. — vm7488, Aug 12 '15 at 06:13

A classic 403 Forbidden error, but much more difficult

0 Answers0