403 Forbidden Error in Centos WebPanel (CWP)

If you are facing this annoying error while reaching your WordPress, WHMCS or any other CMS website :

Forbidden
You don’t have permission to access /wp-admin/ on this server.

If you are facing CWP Free version and have mod_security turned on, then you probably need to disable one of if its rules that generate false positive. I’ve tested this on CMS other than WordPress so if you are using any other CMS like Joomla, Magento or OpenCart, etc it might be worth trying.

Be advised that this tutorial is for only those who are using the following:

  1. CentOS WebPanel (CWP)
  2. Mod Security (Turned On)
  3. Receiving Forbidden Errors while accessing your website

First Off, try restarting CWP Services. It might fix the issue. There are multiple ways to do that, but I’m going to mention two:

  • Run service cwpsrv restart using SSH

OR

If restarting CWP Services doesn’t help, try this solution:

  • Navigate to Security > Mod Security
  • In the Info Panel on the right, scroll down and look for Configuration Files.
  • Click on Disable Rules and a file

    /usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf

    will be loaded in the left pane.

  • Add these lines at the end of the file:
    ##Manual WP##
    SecRuleRemoveById 981172
    SecRuleRemoveById 958057
    SecRuleRemoveById 950911
    SecRuleRemoveById 981317
    SecRuleRemoveById 958049
    SecRuleRemoveById 973302
    SecRuleRemoveById 973306
    SecRuleRemoveById 973314
    SecRuleRemoveById 973322
    SecRuleRemoveById 973348
    SecRuleRemoveById 973344
    SecRuleRemoveById 973332
  • and then Click Save
  • After saving the file click on Restart Apache in the Info Panel on the Right

Voila! the forbidden error is now gone. 

If you are still facing issues and the above guide didn’t help, you can either drop a comment or open a ticket to ask me for help.