Question

Wordpress one-click installation: wp-admin suddenly 403 Apache Forbidden

I have had a one-click Wordpress droplet running for about a year without issue. Overnight something has gone wrong and I cannot access wp-admin anymore.

The front end and non admin accounts work fine https://3d.plus/

However, anything in the admin areas I get:

Forbidden You don’t have permission to access this resource.

Apache/2.4.41 (Ubuntu) Server at 3d.plus Port 443

.htaccess

I have tried removing the .htaccess file, this does not help and wordpress generates a new one instantly on website load.

plugins

I disabled all plugins by changing the plugins folder name, the site looks awful but no change to access

plugins & .htaccess

I also disabled all plugins and then removed the .htaccess file incase a specific plugin was writing a problematic rule, still no luck

Apache Logs

If I access the error log after trying to access the admin area I get:

[access_compat:error] [pid 1332] [client MYIPADDRESS] AH01797: client denied by server configuration: /var/www/html/wp-admin/index.php

I also then, following some research, used this command to ensure file/folder ownership

sudo chown -R www-data:www-data /var/www/html/wp-admin

Spam Users

The only other thing that did happen last night which was unusual is that I got 3 spam account registrations on the website. All using 1 minute email type services and resetting their password almost instantly but nothing else.

I’d like to think this is coincidence but worth noting. I use google 2FA on admin login for added security and have not observed any other issues that would make me suspicious. My admin account is still able to login on the front end as normal too.

So following all of this I am running out of ideas and places to turn. Any help or suggestions would be greatly appreciated.

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
December 28, 2022

Hello all,

Usually, when you get such an error, there are 3 main things to check.

  • Check if your permissions are correct. Usually, they are 755 for folders and 644 for files

  • Check if your file ownership is correct. It should be one that Apache2/Nginx can read

  • Make sure there aren’t any firewall rules that are preventing you from loading the website.

Once you exclude all of the above, you can check if your domain is pinging from the proper place or your .htaccess(if using Apache2) is configured properly.

Bobby Iliev
Site Moderator
Site Moderator badge
December 26, 2022

Hi there,

In addition to what you’ve tried already, there are a few things you can try to troubleshoot this issue:

  • Check the permissions on the wp-admin directory and its contents. Make sure that the web server user (usually www-data on Ubuntu) has the necessary permissions to access the files in this directory. You can use the chown command to change the ownership of the wp-admin directory and its contents, as you mentioned.

  • Check your WordPress configuration. Make sure that the WP_DEBUG constant is set to false in your wp-config.php file, and that the DISALLOW_FILE_EDIT constant is not set to true.

  • Check for any .htaccess files inside the wp-admin directory itself

Best,

Bobby