The question:
My site was running well last summer. But today when I tried to make updates in the wp-admin section, I got lots of 403 errors on all PHP files: load-styles, load-scripts, edit.php, media-new.php, etc… The interesting thing is that the front-end of my site has no problems.
Screenshot:
- I’ve read a few articles suggesting I disable plugins. I tried it, but it does not fix anything.
- Then I tried deleting my
.htaccessfile, and this does fix the wp-admin section, but it breaks the front-end, and now I get 403 errors on the homepage! It’s like I can only get one or the other. After about 5 minutes, WordPress automatically creates a new.htaccessfile, and we’re back to square one.
What permissions and settings should I set on .htaccess so I can run both my front-end and wp-admin sections without 403 Forbidden errors? This is what it looks like now:
<FilesMatch ".(py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|admin.php|wp-login.php)$">
Order allow,deny
Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
The Solutions:
Below are the methods you can try. The first solution is probably the best. Try others if the first one doesn’t work. Senior developers aren’t just copying/pasting – they read the methods carefully & apply them wisely to each case.
Method 1
You appear to be denying access to PHP files, which would explain why you are denied access to PHP files:
<FilesMatch ".(py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
What is the purpose of this?
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0