WordPress Admin Dashboard is not displayed properly on a website hosted in Plesk: "access forbidden by rule" or "client denied by server configuration"

Symptoms

• WordPress Admin Dashboard is not displayed properly: layout is broken, css/js scripts are not loaded.

• One of the following error messages appear in domain's log at Domains > example.com > Logs:

  CONFIG_TEXT: access forbidden by rule, client: 203.0.113.2, server: example.com, request: "GET /wp-admin/load-scripts.php?... HTTP/2.0", host: "example.com", referrer: "https://example.com/wp-admin/update-core.php"

  CONFIG_TEXT: AH01630: client denied by server configuration: /var/www/vhosts/example.com/httpdocs/wp-admin/load-scripts.php, referer: https://example.com/wp-admin/

  CONFIG_TEXT: 403    GET /wp-admin/load-styles.php

  CONFIG_TEXT: 403    GET /wp-admin/load-scripts.php

  If LiteSpeed is used instead of Apache, the following error message appears in /var/www/vhosts/example.com/logs/error_log:

  CONFIG_TEXT: [ACL] Access to context [/wp-admin/] is denied!

• Browser DevTools (F12) > Console tab shows that load-styles.php and/or load-scripts.php cannot be processed by a web-browser with a 403 Forbidden error.

Cause

JavaScript conflict in WordPress theme or plugin.

Resolution

1. Log in to Plesk.
2. Go to Domains > example.com > WordPress tab > click Apply critical security measures (under Security).

3. On the Security Status page, select the option Disable scripts concatenation for WordPress admin panel and click Secure.

   Note: If the Secure button is grayed out, select the option Disable scripts concatenation for WordPress admin panel and click Revert. Then secure again.

   
    
    

Other options to disable scripts concatenation for WordPress admin panel via wp-config.php:

Note: In some cases, website code may require the CONCATENATE_SCRIPTS option to be enabled. In this case, revert the security option Disable scripts concatenation for WordPress admin panel or remove this directive from wp-config.php.