Skip to main content

Is cPanel to Blame for Wordpress REST API 403 Errors?

Comments

9 comments

  • quietFinn
    You should check Apache error log, that might give you a hint of what is happening. 403 error is often caused by ModSecurity.
    0
  • PostAlmostAnything
    You should check Apache error log, that might give you a hint of what is happening. 403 error is often caused by ModSecurity.

    Interesting, is there any setting in ModSecurity which would explain it? A specific setting please. I tried downloading the Apache error log for the domain via WHM raw log download but it says the log is empty.
    0
  • cPRex Jurassic Moderator
    There wouldn't be a specific setting, but you'd see the 403 errors logged in the Apache log by ModSecurity if it was blocking a request. Then, once you have that log, you can decide if you want to disable that particular ModSecurity rule.
    0
  • PostAlmostAnything
    Interesting, is there any setting in ModSecurity which would explain it? A specific setting please.

    There wouldn't be a specific setting, but you'd see the 403 errors logged in the Apache log by ModSecurity if it was blocking a request. Then, once you have that log, you can decide if you want to disable that particular ModSecurity rule.

    If not ModSecurity then what other default cPanel setting might explain this? The developer of the plugin, Media Cleaner, insists that this is either my fault or yours due to me being the only person to send him repeated complaints of this nature. I think the plugin is more to blame for not having resume feature. Eventually your site will get too big to run the plugin in your browser for days unless your PC doesn't restart. He tried getting me to use WP-CLI but every attempt resulted in a timeout error of 999 seconds. That makes me think something in cPanel must be limiting the amount of time his script can run.
    0
  • kdean
    Do you have caching that may be affecting things? Wordpress REST API that uses Nonces can expire after 12 or 24 hours and can result in a 403 error. Basically depending on when the Nonce was created, it will generally expire as little as 12 hours and no more than 24 with the default setting of 86,400 seconds for Wordpress. So since you mentioned working for 12 hours and then 403 error I thought a nonce could be involved. If you look up wordpress nonces and how they count, you'll see just how weird they are to figure out. I find Nonces also affect cached pages if content on the page uses a nonce and the cached page exists longer than the nonce expiration, the content on the page no longer works. So I use the Nonce Extender plugin to resolve that and let me have longer lived cache pages. So I suggest a test can be done for this. Download and install the Nonce Extender plugin.
    0
  • PostAlmostAnything
    Do you have caching that may be affecting things? Wordpress REST API that uses Nonces can expire after 12 or 24 hours and can result in a 403 error. Basically depending on when the Nonce was created, it will generally expire as little as 12 hours and no more than 24 with the default setting of 86,400 seconds for Wordpress. So since you mentioned working for 12 hours and then 403 error I thought a nonce could be involved. If you look up wordpress nonces and how they count, you'll see just how weird they are to figure out. I find Nonces also affect cached pages if content on the page uses a nonce and the cached page exists longer than the nonce expiration, the content on the page no longer works. So I use the Nonce Extender plugin to resolve that and let me have longer lived cache pages. So I suggest a test can be done for this. Download and install the Nonce Extender plugin.
    0
  • PostAlmostAnything
    Do you have caching that may be affecting things? Wordpress REST API that uses Nonces can expire after 12 or 24 hours and can result in a 403 error. Basically depending on when the Nonce was created, it will generally expire as little as 12 hours and no more than 24 with the default setting of 86,400 seconds for Wordpress. So since you mentioned working for 12 hours and then 403 error I thought a nonce could be involved. If you look up wordpress nonces and how they count, you'll see just how weird they are to figure out. I find Nonces also affect cached pages if content on the page uses a nonce and the cached page exists longer than the nonce expiration, the content on the page no longer works. So I use the Nonce Extender plugin to resolve that and let me have longer lived cache pages. So I suggest a test can be done for this. Download and install the Nonce Extender plugin.
    0
  • kdean
    Nonces are a core wordpress feature so I'm not sure it's a good idea to try and disable if even possible. Not everything uses it but I have run across some output that has and then there's the REST API stuff. It was on the repository up to just very recently. It may have only been removed since it hasn't been updated or the author on the site is gone. If you look at the code, it's pretty basic stuff and clear nothing untoward is going on. You can actually add it to the functions.php as a filter if you want to hard code a number in there. I just thought the plugin that i've used for years makes it a bit easier to adjust and test. It solved my nonces expiring before page cache issue I was having allowing me to keep cached pages around longer, otherwise they can only really last less than 12 hours to be safe.
    0
  • kdean
    Just wondering if you tried any of this and if it helped at all?
    0

Please sign in to leave a comment.