On a new install with only WordFence plugin installed (error was occurring before WordFence as well).
PHP 7.4 and 8.0 and 8.1 I’ve tried (currently 8.1).
No serious issues in wordpress site health.
New install, created homepage. Then when I try to edit the homepage I constantly get the error. Devtools showing 403 error.
Any advice? Thanks.
Clint
Hey Clint,
Thanks for reaching out!
I checked your website and there’s no issue with loading the iframe. I was able to access your pages using Cornerstone. Please check the screenshots in the secure note.
Thank you.
Hi Marc,
Thanks for checking, yes I somehow managed to fix it in a very specific way, by moving a top section further down then back again. It is able to be reproduced by changing the position of sections. Please see my video in private note on how to reproduce and how I can cause it to happen. So the build isn’t reliable. I’ve tried duplicating the homepage and the issue doesn’t go away. Basic page with sections and images and rows inside rows. Devtools shows 403 when it happens, please let me know if you can reproduce similar to my video.
Thanks.
Hey Clint,
I was able to replicate the issue on your website but I can’t replicate it on my local environment. I suspect that this has something to do with your PHP version or something else. Please try downgrading your PHP version to 7.4 as the WordPress PHP version recommend and let’s see how it goes.
Thank you.
Hi Marc,
Further testing here, and I discovered it is due to cPanel ModSecurity setting when that is enabled the issue occurs. This seems to be default setting of enabled for my sites. Not a problem for earlier Pro versions so something to do with v6 and ModSecurity I suspect. The issue I showed earlier happens in all PHP versions and the only fix for me was disabling ModSecurity.
I disabled ModSecurity and the issue disappeared.
You can enable ModSecurity on your environment and see if you can then replicate, in that case I think it is a bug to be fixed.
For now I will run with ModSecurity disabled (I don’t know how important it is).
You can login and get a copy of the page where you replicated issue on my site if you need it.
Thanks,
Clint
Hey Clint,
If ModSecurity is the issue on your website, you may disable it for your website to work. This doesn’t mean though that you keep ModSecurity disabled because it’s important for your site’s security. This just means that your web host must whitelist directories used by Cornerstone. The said directories are:
cornerstone-endpointxThis ModSecurity problem is not common. Cornerstone works out of the box with no special server configuration in all web hosts I tested.
Hope that helps.
Thanks for the additional information Marc, knowing the paths will be useful in future. The solution the server support put in place is to whitelist ModSecurity rule IDs 340029, 300051, and 300074 if it helps anyone else.
Hello Clint,
Glad that we were able to help you. Thank you for sharing the information. Please feel free to open a new thread if you have any more concerns.
Thanks
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.