One of my client’s website was throwing 403 forbidden error two days ago. I googled for a fix and tried almost everything possible. Both homepage and admin login pages were showing same forbidden 403 error page.
- As its wordpress site, i tried to access the readme.html file which i kept on the server (example.com/readme.html) Even the readme file wasn’t accessible.
- I deleted the .htaccess file and it didn’t help.
- I changed PHP version from 7.3 to 7.4 and still there was no hope.
- I logged in to file manager through Direct Admin and renamed the plugins folder to plugins-old. Still the site was not working.
- Even renaming the cache folder to cache-old didnt help either.
- There was a subdomain which is used to run an egreetings php page. Even that subdomain was showing same 403 error page. Hence I understood it could be something related to the server.
- I contacted the Support team of my host, Ethwebs.net and opened a ticket. I got reply from the support department that mod_security was updated a few hours ago and the misconfiguration prevented everything in PHP from running. As soon as the mod_security fix was done by the support team, my client site started to load fine.
So guys, if you face some serious 403 forbidden error and couldn’t find a fix, just contact your host’s support and ask about the mod_security update. The uptimerobot monitoring system wasn’t showing any downtime. But the sites were not accessible. The host also rely on uptime monitoring systems to know whether the server is down or not. But there are chances where such monitors can suck and the sites can still show forbidden pages.