By kanepowley
I have had a one-click Wordpress droplet running for about a year without issue. Overnight something has gone wrong and I cannot access wp-admin anymore.
The front end and non admin accounts work fine https://3d.plus/
However, anything in the admin areas I get:
Forbidden You don’t have permission to access this resource.
Apache/2.4.41 (Ubuntu) Server at 3d.plus Port 443
.htaccess
I have tried removing the .htaccess file, this does not help and wordpress generates a new one instantly on website load.
plugins
I disabled all plugins by changing the plugins folder name, the site looks awful but no change to access
plugins & .htaccess
I also disabled all plugins and then removed the .htaccess file incase a specific plugin was writing a problematic rule, still no luck
Apache Logs
If I access the error log after trying to access the admin area I get:
[access_compat:error] [pid 1332] [client MYIPADDRESS] AH01797: client denied by server configuration: /var/www/html/wp-admin/index.php
I also then, following some research, used this command to ensure file/folder ownership
sudo chown -R www-data:www-data /var/www/html/wp-admin
Spam Users
The only other thing that did happen last night which was unusual is that I got 3 spam account registrations on the website. All using 1 minute email type services and resetting their password almost instantly but nothing else.
I’d like to think this is coincidence but worth noting. I use google 2FA on admin login for added security and have not observed any other issues that would make me suspicious. My admin account is still able to login on the front end as normal too.
So following all of this I am running out of ideas and places to turn. Any help or suggestions would be greatly appreciated.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi there,
In addition to what you’ve tried already, there are a few things you can try to troubleshoot this issue:
-
Check the permissions on the
wp-admin directoryand its contents. Make sure that the web server user (usuallywww-dataon Ubuntu) has the necessary permissions to access the files in this directory. You can use thechowncommand to change the ownership of thewp-admindirectory and its contents, as you mentioned. -
Check your WordPress configuration. Make sure that the
WP_DEBUGconstant is set to false in yourwp-config.phpfile, and that theDISALLOW_FILE_EDITconstant is not set to true. -
Check for any
.htaccessfiles inside thewp-admindirectory itself
Best,
Bobby
Hello all,
Usually, when you get such an error, there are 3 main things to check.
-
Check if your permissions are correct. Usually, they are 755 for folders and 644 for files
-
Check if your file ownership is correct. It should be one that Apache2/Nginx can read
-
Make sure there aren’t any firewall rules that are preventing you from loading the website.
Once you exclude all of the above, you can check if your domain is pinging from the proper place or your .htaccess(if using Apache2) is configured properly.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.