403 Forbidden on self GET wp-admin

Question

403 Forbidden on self GET wp-admin

thefrosty opened this issue a year ago · 2 comments

I've been seeing this 403 Forbidden error in my HTTP API Calls for quite some time, and am looking into it.

It's a URL in which can be hit on any WordPress install with the standard DB Update screen (if they aren't blocking such a request). So internally I would expect no such error.

I can hit the /wp-admin/upgrade.php?step=1 on my site in a private non-logged in window, so just trying to understand what else I might be missing.

Current server stats:

PHP: 8.2.15 (was happening on 8.0 too)
Apache 2.4.58 (behind nginx reverse Proxy)
Multisite/multinetwork.

Answer 1 · 2024-02-04T20:40:29.000Z

That's the standard mechanism that WordPress multisite uses to perform updates on sites within the network. I've no idea why it could return a 403.

This isn't triggered by Query Monitor, despite what the "Component" column says. Sometimes QM will blame itself if it's not sure what triggered the request or if your site uses a non-standard directory structure.

Answer 2 · 2024-02-04T21:17:39.000Z

Thanks, I'll continue my investigation elsewhere.