You're getting a 403 Forbidden error because Apache is configured to only allow localhost to access /server-status:

    Allow from 127.0.0.1 ::1

You can allow access from your IP address like this:

<Location /server-status>
    ...
    Allow from 127.0.0.1 ::1
    Allow from Your.IP.Address.Here
</Location>

As for the 404 error, it looks like Wordpress is trying to serve /server-status because of the rewrite rules. There should be a few RewriteCond lines in the .htaccess, add the following line below them:

RewriteCond %{REQUEST_URI} !=/server-status

OK with a lot of trial and error I solved it.

The rewrite rule apparently cannot be above or below the WordPress stuff in the .htaccess of the root and it has to be in the middle as shown below or at least this is the only way that has worked for me so far:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# rewrite rule for server-status to prevent 404 error
RewriteCond %{REQUEST_URI} !=/server-status

RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Also, I learned that for those of us running Cloud Flare (which is a lot, including digitalocean.com I noticed) you need to install the cloudflare mod or else limiting access by IP doesn't work. https://www.cloudflare.com/resources-downloads#mod_cloudflare

Perhaps Digital Ocean should consider adding mod_cloudflare to their stock WordPress one click install image and maybe others.

Thanks for the help.

Thanks for the reply. Adding this rewrite rule only makes it so www.mydomain.com/server-status is a "Forbidden" error instead of a 404.

This is what my /etc/apache2/mods-available/status.conf file says (I had already edited it):

        <Location /server-status>
                SetHandler server-status
                Order deny,allow
                Deny from all
                Allow from 127.0.0.1 ::1
                Allow from <my public IP>
        </Location>

I am trying to access it form the local host but I am still getting this forbidden error. Any other ideas?

Thanks.

Which .htaccess the one in the document root of the only vhost I'm running or the main document root or where?

This is the tail, looks like unrelated errors but any advice on that would be appreciated also.

[Tue Apr 14 00:01:59.167369 2015] [core:alert] [pid 28499] [client 199.27.128.162:42742] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here
[Tue Apr 14 00:11:20.591436 2015] [core:alert] [pid 28646] [client 199.27.133.250:57249] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here, referer: http://www.mydomain.com/tag/big-ass
[Tue Apr 14 00:11:30.955090 2015] [core:alert] [pid 28681] [client 199.27.133.220:39337] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here, referer: http://www.mydomain.com/tag/big-ass
[Tue Apr 14 00:11:41.287518 2015] [core:alert] [pid 28656] [client 199.27.128.152:38262] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here, referer: http://www.mydomain.com/tag/big-ass
[Tue Apr 14 00:11:51.618486 2015] [core:alert] [pid 28667] [client 199.27.128.162:20135] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here, referer: http://www.mydomain.com/tag/big-ass
[Tue Apr 14 00:12:01.967101 2015] [core:alert] [pid 28646] [client 199.27.128.132:19640] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here, referer: http://www.mydomain.com/tag/big-ass
[Tue Apr 14 00:12:12.334887 2015] [core:alert] [pid 28623] [client 199.27.128.152:18961] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here
[Tue Apr 14 00:12:22.668483 2015] [core:alert] [pid 28680] [client 199.27.128.162:23007] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here
[Tue Apr 14 00:12:33.019929 2015] [core:alert] [pid 28681] [client 199.27.133.250:9626] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here
[Tue Apr 14 00:12:43.358314 2015] [core:alert] [pid 28646] [client 199.27.133.220:35807] /var/www/html/mydomain.com/wp-content/cache/.htaccess: ExpiresActive not allowed here

I just replaced my actual domain with "mydomain" because I don't want the web crawlers to pick these up as links to follow.

These errors go back a couple of days before any of the changes above. They seem to happen at random intervals, they are clearly not happening for every visitor though. They show both referr as onsite URLs and things like http://www.google.com.ar. I haven't noticed any issues from the user side would allow one to tell these errors are happening.

Here is the .htaccess from the main document root on the only vhost I'm running right now. If you wanted something else please let me know.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# rewrite 404 for server status
# RewriteCond %{REQUEST_URI} !=/server-status
</IfModule>
# END WordPress

Thanks.

The above htaccess is wrong.

For enabling server-status on a Wordpress install, it should be:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/server-status
RewriteRule . /index.php [L]
</IfModule>
# END WordPress