Blocked from ACP by wordfence

BroIgnatius · Post by **BroIgnatius** » Tue Jun 04, 2019 8:50 pm

Wordfence, a wordpress plugin, is interfering with a phpbb bulletin board for some reason. When I try to go into the ACP screen in phpbb, and re-authenticate, I get a wordfense error of "403 Forbidden: A potentially unsafe operation has been detected in your request to this site. Generated by Wordfence at..."

I have tried removing wordfence from every wordpress installation on the domain. I have tried reinstalling phpbb 3.2.7. This is happening on any domain I have with phpbb. All the domains are on mydomain.com.

I have contacted wordfence support and got no help. I have contacted mydomain.com and their techs are scratching their heads and still working on it.

phpbb Version: 3.2.7

Server Info:
MySQL Version: 5.6.32
PHP Version: 5.6
Platform: Debian

Help

Post by **KevC** » Tue Jun 04, 2019 8:52 pm

Are you sure it's not just your hosts mod_security triggering something?

The wordpress and phpBB installations are totally self contained and should have no way of interfering with each other.

david63 · Post by **david63** » Tue Jun 04, 2019 9:02 pm

Do you some form of caching on your board/site/domain/account (such as Cloudflare)?

Post by **thecoalman** » Tue Jun 04, 2019 11:23 pm

OPcache if configured for performance could cause this as .php files are not checked for deletion or changes. If you can get into the main page of the ACP purging phpBB's cache will conveniently trigger a purge of OPcache.

Cloudflare by default would not cause this as they do not cache .html, .php etc unless the user has explicitly made changes. You can always check the response header for CF-Cache-Status: HIT to see if it's cached by Cloudflare

That said I'd be looking at the documentation for wordfence, they must have the means to ignore directories outside of the WordPress install.

BroIgnatius · Post by **BroIgnatius** » Tue Jun 04, 2019 11:56 pm

KevC wrote: ↑Tue Jun 04, 2019 8:52 pm Are you sure it's not just your hosts mod_security triggering something?

The wordpress and phpBB installations are totally self contained and should have no way of interfering with each other.

I have no idea.

BroIgnatius · Post by **BroIgnatius** » Tue Jun 04, 2019 11:57 pm

david63 wrote: ↑Tue Jun 04, 2019 9:02 pm Do you some form of caching on your board/site/domain/account (such as Cloudflare)?

The only cache is that in wordpress, maybe. I cleared that. I cannot get into the ACP to delete cache. I can check about doing that from within MySQL.

BroIgnatius · Post by **BroIgnatius** » Wed Jun 05, 2019 12:01 am

thecoalman wrote: ↑Tue Jun 04, 2019 11:23 pm OPcache if configured for performance could cause this as .php files are not checked for deletion or changes. If you can get into the main page of the ACP purging phpBB's cache will conveniently trigger a purge of OPcache.

Cloudflare by default would not cause this as they do not cache .html, .php etc unless the user has explicitly made changes. You can always check the response header for CF-Cache-Status: HIT to see if it's cached by Cloudflare

That said I'd be looking at the documentation for wordfence, they must have the means to ignore directories outside of the WordPress install.

Cannot get into ACP

Never heard of Clouidflare

Wordfence support was not helpful. They said that wordfence can effect outside of wordpress, and then directed me to a Live Scan to which no entry existed for the phpbb.

Post by **thecoalman** » Wed Jun 05, 2019 12:15 am

If it's installed with changes to .htaccess or server config it can certainly affect files within phpBB directory. Software like this usually comes with the means to ignore directories.

https://www.google.com/search?q=wordfen ... bdirectory

This is really not the place to get answers to your questions because whatever is occurring here is happening before anything to do with phpBB.

2600 · Post by **2600** » Wed Jun 05, 2019 5:04 am

BroIgnatius wrote: ↑Tue Jun 04, 2019 11:56 pm
KevC wrote: ↑Tue Jun 04, 2019 8:52 pm Are you sure it's not just your hosts mod_security triggering something?

The wordpress and phpBB installations are totally self contained and should have no way of interfering with each other.
I have no idea.

You can go into your cPanel and there should be an option to disable mod_security. If not, ask your host about it. Turn it off first for testing. If that isn't the problem turn it back on. If the problem is mod_security, your host will have to change it to not interfere with your website's.

You can always clear your cache in the FTP. This is not sql related. Log into your FTP and in the cache folder delete the production folder. It will rebuild.

WDUK · Post by **WDUK** » Tue May 24, 2022 1:17 pm

I had the same problem, which is how I ended up on this topic.

I fixed it by unticking the 'Scan files outside your WordPress installation ' option in the 'Scan Options' section of Wordfence.

In case that helps anyone