Wp-admin/admin-ajax.php returning a 403 Wordpress

Hi Everyone, got an issue that’s driving me nuts, I’ve raised support tickets all over the place and still can’t seem to find a solution.

We are running wordpress and keep getting a 403 which results in this error popping up in the UI which prevents any sort of admin actions with plugins like slider revolution. “Ajax Error!!! error” with any url that leverages */wp-admin/admin-ajax.php

I’ve applied to page rules to disable cache, security and performance for those URL’s looks like “/wp-admin/” this but it isn’t helping. Not sure if anyone has seen this issue before but if you’ve managed to sort it out I would very much appreciate it if you could share the solution. Right now I’m taking shots in the dark with firewalls and the likes, it’s a production site so I invariably roll back whenever I try something that doesn’t work. Very stuck.

{redacted} I have a ticket open for this as well 2284929

@MoreHelp 2284929

May I ask to post a screenshot of this 403 error?

Does it come from your origin host / server or it’s the 403 from Cloudflare?

Have you tried temproary to Pause Cloudflare for your site or switching :orange: to :grey: (DNS-only) if there could be any diffference at all?

Where did you saw it appearing firstly?

  • In the Developer console / Network tab of Developer Tools (F12 in Firefox or Chrome)?
  • Or rather in your server access and/or error log files?

May I ask and could we clearify few things first:

  • Have you activated some security option at your WordPress?
  • Do you use any security plugin for your WordPress like Wordfence, etc.?
  • Regarding Cloudflare, do you use is the Bot Fight Mode option enabled?
  • Also, regarding Cloudflare, do you use any of the custom-made Firewall Rules at the Cloudflare dashboard?
  • Are you using a Free or some Paid plan at Cloudflare?
  • Furthermore, maybe if you are on a Pro Plan, the Managed WAF could possibly block some requests. If so, may I ask did you checked your Cloudflare Firewall Events, does something appear over there?

Seems like the REST API is being disabled / protected as well?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.