2

When I try to make a backup of my wordpress website through plugin I recieve the following error:

"403 Forbidden - You don't have permission to access /wp-admin/admin-ajax.php on this server."

This error also appears sometimes during installation of plugins.

My htaccess file:

# Begin Wordpress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress

Structure of Server:

-/ -/wordpress -/oldfiles -/other

inside /wordpress my entire wordpress website exists as:

-/wordpress -/wp-admin -/wp-content -/.htaccess

etc etc.....

Things I've tried:

-Used different plugins for backup (1 Updraft, 2 Duplicator) both show the same error.

-Change file permissions from ftp client.

Set 755 permission to wp-admin, wp-includes, wp-content directories

Set 644 to all files inside the directories and 755 to all the sub-folders.

-I even changed the folder permission of /wp-admin to 755 and admin-ajax.php to 777 but still getting the same error

-Made modification in .htaccess file as follows:

# BEGIN WordPress <Files admin-ajax.php> Order Deny,Allow Deny from all Allow from all </Files> <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress

-Disabled all plugins and enabled only the backup creating plugins, same error.

-Deleted .htaccess file

-Made a temporary 301 redirect in .htaccess file to be sure I was working on the right .htaccess file

-Disabled "Wordfence security" plugin

Improve this question
4
  • Whilst your WordPress installation appears to be in the /wordpress subdirectory, the WordPress .htaccess file appears to load /index.php in the document root? The error msg that you stated also references /wp-admin/.... in the document root? Commented Aug 15, 2019 at 11:28
  • There's a default redirect set to go to /wordpress sub-directory. The .htaccess file is inside the /wordpress sub-directory. Besides, I also set permissions of 755 on the /wp-admin inside the subdirectory and 644 to the admin-ajax.php still nothing happened. Commented Aug 15, 2019 at 11:56
  • What happens when you request /wp-admin/admin-ajax.php (or /wordpress/wp-admin/admin-ajax.php) directly? What about the file's "group"? I would check if there are any Apache security modules that might be interfering: mod_security, mod_evasive, etc.? Commented Aug 16, 2019 at 20:48
  • Aside: "a default redirect" - I assume by that you mean there is an internal rewrite in a parent .htaccess file that rewrites the request directly to /wordpress/index.php? That maybe so, but it doesn't make the /wordpress/.htaccess file correct - either there would seem to be an additional / unnecessary rewrite going on here or the front-controller in /wordpress/.htaccess is being bypassed? (Would need to see the parent .htaccess file to know for sure how your WP URLs are being routed.) Although this is unlikely to have anything to do with your "permissions" issue. Commented Aug 16, 2019 at 20:56

1 Answer 1

Reset to default
3

This sounds like it's probably caused by mod-evasive (or similar) plugin in Apache (or similar), blocking multiple consecutive requests as it thinks you are trying to run a denial of service (DOS) attack against the server. Try disabling any security plugins (Apache / web server ones, not WordPr

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.