Channel: BulletProof Security Forum » All Posts

Reply To: bbPress bulk user edit 403 error – user-edit.php 403 error


Logged into this website:
I found several problems in Custom Code and fixed them, but your server itself is blocking this Query string below and causing the problem with bulk user edits. I believe BPS needed a whitelist rule created which I created, but your LiteSpeed server is also blocking the same thing since it looks dangerous to your server as well.

After whitelisting “order” in the BPS root and wp-admin htaccess files the problem was still occurring.  When I put BPS in Default Mode and deactivate wp-admin BulletProof Mode I see a LiteSpeed server 403 error displayed.  That means your LiteSpeed server is probably also blocking this Query String below and most likely because “order” and “orderby” are being used in the Query String which is a very common hacking pattern/string/simulated SQL Injection hacking attempt.  You will need to contact your host support and send them all of this information so that they know exactly what to look for to fix this issue.  They will probably have to create a whitelist rule on the LiteSpeed server itself. Have your support folks look at the LiteSpeed server logs.

http://www.example.com/wp-admin/user-edit.php?user_id=625&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3DMelanie%2BMason%26action%3D-1%26new_role%26bbp-new-role%26bbp-bulk-users-nonce%3D0de8573cc5%26action2%3D-1%26orderby%3Dlogin%26order%3Dasc
[403 GET|HEAD Request: November 11, 2015 - 11:22 am] 
Event Code: WPADMIN-SBR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xxx.xxx.xxx.xxx
Host Name: [removed]
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: xxx.xxx.xxx.xxx
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: POST
HTTP_REFERER: http://www.example.com/wp-admin/user-edit.php?user_id=625&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3DMelanie%2BMason%26action%3D-1%26new_role%26bbp-new-role%26bbp-bulk-users-nonce%3D0de8573cc5%26action2%3D-1%26orderby%3Dlogin%26order%3Dasc
REQUEST_URI: /wp-admin/user-edit.php
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
  • This reply was modified 14 hours, 43 minutes ago by  AITpro Admin.
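
An added example, not part of the original post and not BPS or LiteSpeed code: a Python helper for triaging this kind of false positive. It unpacks the logged URL, follows the URL-encoded `wp_http_referer` value one level down, and lists the parameters that contain a filtered word. The keyword list and all function names are assumptions made for illustration; the URL is copied from the log entry above.

```python
from urllib.parse import urlsplit, parse_qsl

# Copied from the HTTP_REFERER field of the log entry above.
LOGGED_URL = (
    "http://www.example.com/wp-admin/user-edit.php?user_id=625"
    "&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3DMelanie%2BMason%26action%3D-1"
    "%26new_role%26bbp-new-role%26bbp-bulk-users-nonce%3D0de8573cc5%26action2%3D-1"
    "%26orderby%3Dlogin%26order%3Dasc"
)

# Assumption: illustrative keyword list, not the actual BPS or LiteSpeed rule set.
SUSPECT_WORDS = ("order", "union", "select")


def flatten_params(url, depth=0, max_depth=3):
    """Yield (depth, name, value) for every query parameter, descending into
    values that are themselves URLs or paths carrying a query string."""
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        yield depth, name, value
        if "?" in value and depth < max_depth:
            yield from flatten_params(value, depth + 1, max_depth)


def find_triggers(url, words=SUSPECT_WORDS):
    """Return (depth, name, matched_words) for each parameter whose name or
    decoded value contains one of the suspect words."""
    hits = []
    for depth, name, value in flatten_params(url):
        matched = sorted(
            {w for w in words if w in name.lower() or w in value.lower()}
        )
        if matched:
            hits.append((depth, name, matched))
    return hits


if __name__ == "__main__":
    for depth, name, matched in find_triggers(LOGGED_URL):
        print(f"depth {depth}: {name} matches {matched}")
```

Depth 0 is the outer request and depth 1 is the decoded `wp_http_referer`, which is where `orderby` and `order` appear; that list is what a host would need when writing a narrowly scoped whitelist rule.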
