Plugin Settings - 403 forbidden

tho_schi · October 22, 2019, 3:35pm

Hi,

I’ve installed the plugin on Wordpress 5.2.4. Installation was fine so far. But there are some links in the Plugin-Settings where I get a 403 forbidden. For example:

“Reporting”: the link target is https://mydomain/wp-admin/admin.php?page=matomo-reporting.
But apparently there’s a redirect to https://mydomain/wp-content/plugins/matomo/app/index.php?idSite=1&period=day&date=yesterday&module=PrivacyManager&action=privacySettings

“Tag Mananger”: same as “Reporting”. The redirect to wp-content/plugins/matomo/app/index.php?.. ends up in 403.

Settings/Privacy: “Anonymize Data” and the other links all end up in 403

The same if I try to call the matomo opt-out in a wp-site

Is the redirect to wp-content/plugins/matomo/app/index.php wanted?

In the htaccess I can’t see anything that would cause the 403 in the plugin-directory. For testing I’ve disabled my firewall plugin and the csp header but nothing changed. The directory/file permissions are fine. d 755 f 644 (as WP recommends)

How can I fix it?

Greetz
Thomas

Lukas · October 22, 2019, 4:22pm

Hi,

Can you check your webserver error log? It should explain why the server returns a 403

thomas_matomo · October 22, 2019, 6:54pm

Be indeed good to check your webserver error log.

Do all the other screens within the WordPress admin work (like Summary, About, Settings, …)?

tho_schi · October 23, 2019, 9:58am

Thank you for reply. I’ve found the problem. There was a seperate htaccess in wp-content which disable direct access of any *.php files.

<FilesMatch .php>
 Order deny,allow
  Deny from all
</FilesMatch>

For security reasons I would like to keep that. I’m not a specialist in htaccess directives. Can someone tell me how to write a rule that keeps the generell restriction for php-files with an exception for the matomo index.php?