Just a day after announcing my new site I get reports that people were not able to access it. So I tried it and sure enough I was getting a 404 forbidden message on every page of the site. I tried not to panic but seeing this message gave me chills.
So the first thing was to try to retrace my steps and undo all the things I have done to the site starting with the latest.. but while I though about this I started to ruled out the least possible causes. The one that stood out was the .htaccess edits I did the night before. I had added a bunch of ‘stuff’ (code) to it mainly to make the site a bit more secure. Boy did that back-fired. As I was now getting a scary ‘Forbidden’ message when I visited the site.. and so was everyone else!
The exact message on the page was:
FORBIDDEN you don’t have permission to access /index.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
So, to fix this i had to remove this piece of code:
# PROTECT SENSITIVE FILES BY FILE TYPE <filesmatch "\.(htaccess|htpasswd|ini|php|fla|psd|log)$"=""> Order Deny,Allow Deny from all Allow from 123.456.789.0
which I had inserted in the .htaccess file in a effort to secure some file types in my wp install. I had manually added this but be aware that some security plugIns will add this for you as part of their security features. Just be aware and remember if you selected this option. It will usually be titled “Protect additional file types” or something along those lines. I am sure that this is not the intended outcome from the plugin developers and sites that suggest applying this as an extra layer of security, but in my case it caused this ‘Forbidden’ error throught my site.
Well, I hope this helps in case you find yourself in this predicament.