There have been some issues recently from people I know receiving a 403 Error when trying to access WordPress self-hosted websites.
After some research, I collected the following information for you just in case you run into this issue.
This is what the error may look like:
Error 403
We're sorry, but we could not fulfill your request for / on this server.
You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.
Your technical support key is: 1872-ff63-2b02-1b1f
You can use this key to fix this problem yourself.
If you are unable to fix the problem yourself, please contact [SITE OWNER] at [SITE EMAIL] and be sure to provide the technical support key shown above.
What does it mean? Well, here's the answer…
A friend and colleague of mine had a trusted associate come to her self-hosted WordPress website. However, when opening the website, the above error was shown instead of the website. She was completely unable to see ANY webpage on her site. All she saw was a page with the error above. She contacted me to check out why this was happening.
After some thought and disabling of some plugins, I deducted that it was the Bad Behavior plugin causing this error. Once I disabled it, she was able to open the website fine. Hmmm, I knew I had to find a solution for her.
I emailed Michael Hampton over at the Bad Behavior website (Home of the premier link spam killer) and he got back to me right away with the answer.
Here's what he said:
In this case the IP address of your friend's computer is on the third-party http:BL blacklist to which you subscribed when you configured Bad Behavior. Most likely Rogers has assigned your friend an IP address which was used by another subscriber to send spam in the recent past.
You can usually get a new (and hopefully clean) IP address by resetting the cable modem. You can also disable or retune the http:BL feature.
Michael Hampton
Author of Bad Behavior Plugin
I would personally like to thank Michael for the wonderful support he gave me and his very quick reply.
Be sure to install the Bad Behavior plugin!
You can find out more information and download it here
http://www.bad-behavior.ioerror.us/
Now, it all made sense to me. I immediately went over to Project Honey Pot and entered in her IP address. And WOW, there were many "Bad Behaviors" coming from the same IP address she had. We knew it wasn't her. She lives in a very rural area and her IP is shared by many.
Here's how you search to see if an IP is on the "Bad Behavior" list:
- Go to Project Honey Pot:
http://www.projecthoneypot.org - Click on the "IP Data" tab. This is the Directory of Malicious IPs they've collected.
- Click on the sub-tab "Lookup IP."
- Type in the IP address you want to look up and hit the search button.Not to personally target a bad hacker, but as an example, try searching this IP: 93.174.93.58. (Note: This is not the IP of my friend's friend.)
At this particular moment there are 70,410 web post submissions sent and it's consistent with a comment spammer sending porn keywords and links to various uninviting websites.
In conclusion…
The Bad Behavior plugin was doing it's job! It was blocking all these bad hackers from accessing her website. It does a fantastic job and I highly recommend that you use this plugin if you are self-hosting a WordPress site. Be sure to utilize the http:BL Access Key built in too. This is what makes the error message work and blocks them from access your site.
I just looked at my stats for this very website and Bad Behavior has blocked over 794 in the last 7 days.
To the left is a screen shot from my admin panel (click to enlarge) showing my current stats.
I know that my friend's associate couldn't get on her site, but what about the other multitude of bad guys that use that same IP? Do you want to risk that?
If you know someone that you trust that can't access your website, have them try Michael's tip about unplugging their modem and restarting it. Hopefully, it will give them a new IP. If not, ask them to contact their Internet provider, as it's them that assign the IP to them.
Of course, there are ways to whitelist an IP within WP, but I don't recommend it for someone that shares an IP, even if you trust them.
What would I do if my IP was blocked?
For me, I would contact my IP provider and tell them was was going on. I would also send them the link to look it up at Project Honey Pot so they could see the results of my IP block. Then, I would demand a new IP immediately. If they didn't comply, I would seek a new Internet provider or see if I could get a dedicated IP address that is exclusively for me.
Hopefully, they would take measures to get rid of these people if they were their clients too.
I know it's tough to stop bad hackers from doing what they do, but if you have a website, you need to take the measure necessary to try to stop them.
Let me know if you're using the Bad Behavior plugin and how you like it or if you have a question about it, leave a comment below.
Disclosure: I am not affiliated with this product or it's producers. This is only my opinion.
Last 5 posts by Regina Smola
- WordPress Security Webinar — 6 Things you need to know
- Ho'oponopono TeleWebcast with Mabel Katz and Cyrus Ontiki — October 27
- 15 Tips for WordPress Security
- Free WP Security Webinar on Oct 15
- The Easiest Way to Build New Affiliate Websites
