Skip to content
  • Solutions
    By Role
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    By Infrastructure
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
  • Product
    • Plesk Features
    • Plesk Editions
    • What’s new
    • Pricing
    • Roadmap
    • Lifecycle Policy
    • Extensions Catalogue
  • Pricing
  • Extensions
    Featured Extensions
    • SocialBee
    • WP Toolkit
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Joomla! Toolkit
    • Premium Email
    • Email Security
    • SocialBee
    • WP Toolkit
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Joomla! Toolkit
    • Premium Email
    • Email Security
    Bundles and packs:
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack

    See all Extensions

  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • Joomla! Toolkit
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • Joomla! Toolkit
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
Plesk 360 login
Free Trial

Knowledge Base

Cannot access WordPress website hosted in Plesk for Linux: 403 Forbidden (ModSecurity Action)

 
hostedlinuxphpplesk for linuxsecurity

Symptoms

  • A WordPress instance site hosted on Plesk fails to load with:

    403 forbidden

  • Log records similar to the examples below can be found at /var/www/vhosts/example.com/logs/errors_log:

    ModSecurity: Access denied with code 403 (phase 4). Match of "rx \ssrc=\x22https:\/\/www\.googletagmanager\.com\/ns\.html\?id=GTM|\ssrc=\x22https:\/\/w\.soundcloud\.com\/player\/\?url=" against "TX:0" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/19_Outgoing_FilterInFrame.conf"] [line "14"] [id "214540"] [rev "5"] [msg "COMODO WAF: Possibly malicious iframe tag in output||example.com|F|3"] [data "Matched Data: <iframe src=x22https://widgets.wp.com/3rd-party-cookie-check/index.htmlx22 style=x22display:none found within TX:0: <iframe src=x22https://widgets.wp.com/3rd-party-cookie-check/index.htmlx22 style=x22display:none"] [severity "ERROR"] [tag "CWAF"] [tag "FilterInFrame"] [hostname "example.com"] [uri "/index.php"] [unique_id "Yxhf3IEsQWESe-rBcToL6AAAAEo"]

    ModSecurity: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/etc/apache2/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 4|example.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"] [hostname "example.com"] [uri "/error_docs/forbidden.html"] [unique_id "Yxhf3IEsQWESe-rBcToL6AAAAEo"]

Cause

The WordPress 3rd-party cookie-checking plugin triggers a false positive block action by ModSecurity.

Resolution

  • Switch off the security rules found on the logs by its ID(s) with this instructions.

    Note: For example on the above domain logs the errors contain more than one rule ID as: [id "214540"] and [id "214940"].On this case "214540" and "214940" should be disabled.

Additional information

A website hosted in Plesk fails to load when ModSecurity is enabled

Tweet
Share
Share
Email
0 Shares
Read the full article
Related Posts

Securing the WordPress Frontier with WP Guardian

Read More »

Introducing WP Guardian Vulnerability Protection: Now available for WP Toolkit

Read More »

How to Check Open Ports in Linux (Simple Commands & Tools)

Read More »
Knowledge Base

WordPress website displays error 403 intermittently: access forbidden by rule request: “POST /xmlrpc.php on Plesk server

Read More »

A copied WordPress instance in Plesk redirects to original domain

Read More »

Broken WordPress installation after migration to Plesk via Site Import: it does not seem that this WordPress website is working

Read More »

On Plesk server with both fail2ban and Imunify360 turned on, IP addresses are intermittently banned

Read More »

Hosting Wiki

  • Content Security Policy ( CSP )
  • Linux Containers
  • PhpMyAdmin
  • phpPgAdmin
  • Linux
  • PHP
  • WordPress
  • Plesk
  • URL
X-twitter Linkedin Youtube Reddit Github
  • Product
  • Login
  • Pricing
  • Editions
  • For Partners
  • Partner Program
  • Contributor Program
  • Affiliate Program
  • Plesk University
  • Company
  • Blog
  • Careers
  • Events
  • About Plesk
  • Our Brand
  • Resources
  • User and Admin guides
  • Help Center
  • Migrate to Plesk
  • Contact Us
  • Hosting Wiki
  • Forum
  • Legal
  • Legal
  • Privacy Policy
  • Imprint

© 2025 WebPros International GmbH

Part of the WebPros®  Family