403 Forbidden on a couple of WordPress admin pages


New Member
  • Ubuntu Bionic hosted on GPC
  • WordPress 5.4.2
  • mod_sec not intalled
403 Forbidden when accessing Add New Plugin (/wp-admin/plugin-install.php) and also when opening modal for plugin update information (e.g., /wp-admin/plugin-install.php?tab=plugin-information&plugin=my_plugin&section=changelog&TB_iframe=true&width=772&height=1167).

Using the same setup on 3 other websites without error. Permissions are correct (0644, owned by the webserver user). Temporarily disabled all plugins to see if any of them were causing it. Cleared all caches, locally and Cloudflare. Still no joy.

Not finding anything in the logs.
Last edited:
Last 100 lines of error log. Nothing useful as far as I can see. Note that I disabled the blackhole plugin (along with all other plugins) previously and still got the 403 error.

Accessed the page, then ran TAIL on the log immediately. Some paths altered for security:


Last edited:
Permissions and ownership are correct (0644, www-data). So are the paths. No redirect happening either.

Is there another log I could look at that might show the 403 error with more detailed explanation?