WordPress admin dashboard is not displaying properly on Plesk server: Access forbidden by rule

Follow

Comments

6 comments

  • Avatar
    Peter Debik

    The solution works, but the cause might be wrong. We have seen this symptom on several customer installations that were completely fresh installs done by the WP Toolkit. The symptoms start once the security measures are applied. Reverting security measures however do not fix the issue. So probably there is a different cause that is causing this to happen on fresh WP installs.

  • Avatar
    Alisa Kasyanova

    @Adi Pircalabu
    Thank you for your message. Sometimes "Disable scripts concatenation for WordPress admin panel" security measure can affect the administrator panel. I suggest checking whether admin dashboard will work with all other measures on except this one.

  • Avatar
    Adrian Boldor (Edited )

    I can confirm that this problem appears on fresh Wordpress installs thru Wordpress Kit. The workaround is not a solution, especially since it manifests on shared servers, we need a fix as soon as possible. Is there at least a server wide workaround?

  • Avatar
    Adi Pircalabu

    Had a simular issue with a clients site over the weekend.  No CSS in wp-admin on clean wordpress install + SSL.

     

    access log;

    "GET /wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-&load%5B%5D=ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,underscore,wp-util,wp-a11y,dashboard,thickbox,plugin-install,updates,shortc&load%5B%5D=ode,media-upload,svg-painter&ver=5.2.1 HTTP/1.0" 403 591 "https://staging.example.com/wp-admin/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0"

    error log;

    client denied by server configuration: /wp-admin/load-scripts.php, referer: https://staging.example.com/wp-admin/

    Interestingly I was able to FIX the problem by click on WP Toolkit security and applying all security measures except for;

    Disable scripts concatenation for WordPress admin panel

    Turn off pingbacks

    Enable hotlink protection

    Enable bot protection

     

    All others are enabled and after that I could log into WP dashboard with CSS working.  Bug when security settings are applied for a fresh install?  Hope that helps someone.

  • Avatar
    Alisa Kasyanova

    @Peter Debik
    We have a similar bug EXTWPTOOLK-1102, you may refer to this article for more information: https://support.plesk.com/hc/en-us/articles/213925505-Unable-to-edit-posts-or-use-plugin-dashboard-in-WordPress-dashboard-after-applying-security-measures-by-Plesk-WordPress-Toolkit
    If you encounter the same issue in the future, try to use the workaround from that article. Thank you!

  • Avatar
    Alisa Kasyanova

    @Adrian Boldor
    In order to determine the exact cause of the issue and to develop a proper workaround, a thorough investigation is needed. I recommend contacting our support as per https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-

Please sign in to leave a comment.

Have more questions? Submit a request