403 Error on Plugin Upload

Hi I am using your wordpress image on digitalicean and I am getting 403 error every time I am trying to upload a plugin through wordpress.

I have checked maximum upload size is set to 100M and plugin I am trying to upload is less than 7MB.

Can you please help what am I doing wrong?


Hi @tathspts ,

May I ask this is a default wordpress site, or it's migrate from your site already?
Could you upload a screenshot when upload failed?
You also mentioned `checked maximum upload size`, may I also ask which php parameters you have updated?

only this different here from your defaulr wordpress setup is, I added new vhost using these commands. Everything works fine except I can't upload plugins to wordpress.

wget https://raw.githubusercontent.com/litespeedtech/ls-cloud-image/master/Setup/vhsetup.sh
chmod +x vhsetup.sh
bash vhsetup.sh

I have tested and I am able to upload media files just fine. In that too I noticed it says maximum allowed size is 16MB. Shouldn't it say 100MB? Since I modified it in php.ini now? https://prnt.sc/pqnolc
the way I see it, Owner/Group www-data / www-data does not have permission to upload anything to wordpress install.

if I am trying to upload stuff using sftp it works but uploaded files in that case have root as owner and I do not feel comfortable uploading files using root user.



I just launched a new server and run vhsetup script and finish the wordpress installation. Login to the wp-admin and then tried uploading plugins without any permission issue. www-data user/group should correct. Maybe you can send the issue to support@litespeedtech.com with reproduce method.
turns out the problem is the mod security configuration. Below is my mod security conf. If I remove the line "SecRequestBodyAccess On" it works fine as far as plugin upload is concerned. But if I remove this line mod security module itself does not work. Not sure if you can help?

modsecurity on
modsecurity_rules `
SecRuleEngine On
SecRequestBodyAccess On
SecDataDir "/var/log/secdatadir"

modsecurity_rules_file /usr/local/lsws/modsec/owasp/crs30/owasp-master.conf
modsecurity_rules_file /usr/local/lsws/modsec/comodo/rules.conf