Access denied error for appearance customization (additional CSS)

  • Resolved a2d2

    (@a2d2)


    1 year, 9 months ago

    Hi. I’ve been using AIOS for about 3 months on my site with no problems. Recently, I have been trying to update additional CSS I have been using in WordPress > Appearance > Customise. If I make a change and then click publish I get the following error in a new white screen (not pop up) and then I am prompted to login.

    You need a higher level of permission.
    Sorry, you are not allowed to customise this site.

    I am not sure what the reason for this behaviour could be as I am the sole user with full admin privileges. I have not noticed this problem being caused by any updates to WordPress or plugins recently.

    I did recently add a line to the functions.php file in the theme to disable WordPress’s scaling of images, as below.

    add_filter( 'big_image_size_threshold', '__return_false' );

    Could this cause the access problem?

    The problem is discussed at the following 2 links:

    https://www.hostinger.com/tutorials/fix-sorry-you-are-not-allowed-to-access-this-page-wordpress

    https://www.wpbeginner.com/wp-tutorials/how-to-fix-the-sorry-you-are-not-allowed-to-access-this-page-error-in-wordpress/

    I have tried various methodical debugging routines. Here are my conclusions…

    • Problem occurs for both WordPress 6.5.5 and 6.6.1.
    • Problem occurs even if ALL plugins deactivated (apart from one maintenance mode plugin and AIOS).
    • If all plugins deactivated (apart from one maintenance mode plugin) then when AIOS is installed and activated WordPress gives an error “You do not have permission to access this page. Please log in and try again.” … on logging in I see that AIOS has been activated.

    So, given that the problem definitely seems to be caused by AIOS, I reinstalled all plugins again as before and tried disabling some AIOS features:

    • disable all security settings
    • disable basic firewall

    With a minimal AIOS installation the problem seems to occur less frequently (i.e. not on every save of the additional CSS) but does still occur. I am not sure if there is something in particular causing the problem, it seems to be random but could be due to problems in the code such as bad syntax (i.e. removing a closing bracket or adding a bad function??)

    I have also tried purging cache from the WordPress site and the browser. I have also tried logging in to the WordPress dashboard from a different browser.

    The only way I can get rid of the problem is by deactivating AIOS … shame!

    Any thoughts?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter a2d2

    (@a2d2)

    1 year, 9 months ago

    Further to above, the theme editor in WordPress had been disabled so when I wanted to edit the theme’s functions.php file I navigated to the file from cPanel > File Manager and then edited.

    I wanted to disable the automatic scaling of images in WordPress and the edit worked. But by doing this did I unknowingly cause some conflict in the file permissions or corrupt the .htaccess file??

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    1 year, 9 months ago

    Hi @a2d2,

    Below filter is of wordpress adding it in functions.php should not make issue when you save a css file.

    wp_create_image_subsizes called this filter gets appplied.

    add_filter( 'big_image_size_threshold', '__return_false' );

    You need a higher level of permission. Sorry, you are not allowed to customise this site

    It might be the AIOS firewall rule creating this issue, try disabling one by one AIOS settings mostily it solves the 403 forbidden issue.

    1) REST API – WP Security > Firewall > WP REST API Can you please cross check the Disallow unauthorized REST requests:
    2) Deny bad query string – WP Security > Firewall > PHP rules tab. Deny bad query strings: uncheck the checkbox and save
    3) Advanced char filter – WP Security > Firewall > PHP rules tab. Enable advanced character string filter :uncheck the checkbox and save
    4) 5g firewall rules – WP Security > Firewall > 6G Blacklist firewall rules tab. Enable legacy 5G firewall protection uncheck the checkbox and save
    5) 6g firewall rules – WP Security > Firewall > 6G Blacklist firewall rules tab. Enable 6G firewall rules – uncheck the checkbox and save
    6) WP Security > Firewall > Internet bots ban – Blank HTTP headers Ban POST requests that have a blank user-agent and referer

    You do not have permission to access this page. Please log in and try again.

    This error you see

    Do you have force logout / salt postfix setting on ?

    WP security > User security > Force logout.

    WP security > User security > Salt postfix

    That might be the reason you are auto logged out and have to login again.

    Regards

    Thread Starter a2d2

    (@a2d2)

    1 year, 9 months ago

    Thank you for your reply. I deleted AIOS and then reinstalled. I could not recreate the “You need a higher level of permission. Sorry, you are not allowed to customise this site” problem.

    I then imported all my settings and immediately got the “You do not have permission to access this page. Please log in and try again.” error.

    On logging back in I saw that all my settings had been imported so I tried to recreate the problem with the custom CSS but I could not.

    In response to the above here are the AIOS settings that I have been using:

    1. REST API – already unchecked
    2. DENY BAD QUERY STRING – already unchecked
    3. ADVANCED CHAR FILTER – already unchecked
    4. 5G FIREWALL RULES – already unchecked
    5. 6G FIREWALL RULES – already enabled
    6. BAN POST REQUESTS – already enabled

    Also:

    • Yes, force logout is enabled
    • Yes, Salt postfix is enabled

    If the problem recurs, it seems like I have 3 things to manipulate: (1) REST API; (2) force logout; (3) Salt postfix. Otherwise, perhaps a reinstall helped?

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    1 year, 9 months ago

    Hi @a2d2,

    (1) REST API – keep it unchecked nothing to chagne.

    (2) force logout – if possible increase time length

    (3) Salt – you may disable it

    In the future, you have a saving CSS issue. Please try disabling one by one below two.

    6G FIREWALL RULES – already enabled

    BAN POST REQUESTS – already enabled

    Regards

    Viewing 4 replies - 1 through 4 (of 4 total)

    The topic ‘Access denied error for appearance customization (additional CSS)’ is closed to new replies.

    Tags