Cannot access Wordpress website hosted in Plesk for Linux: 403 Forbidden

Started by Suhitha, Sep 10, 2025, 07:50 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Suhitha

Sep 10, 2025, 07:50 AM
Question: Cannot access Wordpress website hosted in Plesk for Linux: 403 Forbidden (ModSecurity Action)


Applicable to:

Plesk for Linux


Symptoms

  • A Wordpress instance site hosted on Plesk fails to load with:

Code Select
403 forbidden

  • Log records similar to the examples below can be found at /var/www/vhosts/example.com/logs/errors_log:

Code Select
ModSecurity: Access denied with code 403 (phase 4). Match of "rx \\\\ssrc=\\\\x22https:\\\\/\\\\/www\\\\.googletagmanager\\\\.com\\\\/ns\\\\.html\\\\?id=GTM|\\\\ssrc=\\\\x22https:\\\\/\\\\/w\\\\.soundcloud\\\\.com\\\\/player\\\\/\\\\?url=" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/19_Outgoing_FilterInFrame.conf"] [line "14"] [id "214540"] [rev "5"] [msg "COMODO WAF: Possibly malicious iframe tag in output||example.com|F|3"] [data "Matched Data: <iframe src=\\x22https://widgets.wp.com/3rd-party-cookie-check/index.html\\x22 style=\\x22display:none found within TX:0: <iframe src=\\x22https://widgets.wp.com/3rd-party-cookie-check/index.html\\x22 style=\\x22display:none"] [severity "ERROR"] [tag "CWAF"] [tag "FilterInFrame"] [hostname "example.com"] [uri "/index.php"] [unique_id "Yxhf3IEsQWESe-rBcToL6AAAAEo"]
Code Select
ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 4|example.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "example.com"] [uri "/error_docs/forbidden.html"] [unique_id "Yxhf3IEsQWESe-rBcToL6AAAAEo"]

Cause

The WordPress 3rd-party cookie-checking plugin triggers a false positive block action by ModSecurity.


Resolution

  • Switch off the security rules found on the logs by its ID(s) with this instructions.
Note: For example on the above domain logs the errors contain more than one rule ID as: [id "214540"] and [id "214940"].On this case "214540" and "214940" should be disabled.


Additional information

A website hosted in Plesk fails to load when ModSecurity is enabled
Print
Go Up Pages1
User actions