Title: Google Verification 403 Error Last modified: December 18, 2017 --- # Google Verification 403 Error * Resolved [crackajax](https://wordpress.org/support/users/crackajax/) * (@crackajax) * [8 years, 5 months ago](https://wordpress.org/support/topic/google-verification-403-error/) * After setting up the Google Mail API and returning to the plugin settings page to click the button, “Allow plugin to send emails using your Google account,” I cannot complete the transaction due to a 403 error on the auth link. * 1) Click the “Allow plugin to send emails using your Google account” 2) Choose Google account and login 3) App isn’t verified screen – Click “Advanced” and Go to domain link 4) Click “Allow” for app the send email on your behalf 5) The redirect to my site with the query string throws a 403 forbidden error 6) if I remove the scope parameter (scope=https://www.googleapis.com/auth/gmail.send#) from the query string I can return to the page, but with the plugin error of “ There was an error while processing the authentication request. Please try again.” * I have refreshed my .htaccess file but am unsure why I would be receiving this error due to that parameter. After further testing, it is the presence of the“ [https://”](https://”); causing the error. If I remove the https:// it goes through with all other parameters and values to the plugin page with plugin error. If I remove all other parameter and values except “?scope=https://” I receive the 403. * Any ideas of why this parameter is being rejected and is there a workaround that you are aware of? * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fgoogle-verification-403-error%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Slava Abakumov](https://wordpress.org/support/users/slaffik/) * (@slaffik) * [8 years, 5 months ago](https://wordpress.org/support/topic/google-verification-403-error/#post-9792517) * Hi [@crackajax](https://wordpress.org/support/users/crackajax/), * Thanks for your awesome report! * I suspect, that not only a `?scope=https://` string is blocked, but actually any `?string=https://` for security reasons. * I’m 99% sure, that the issue is in `mod_security` Apache module (or similar thing) that is working on a server and filtering all requests. And, apparently, blocking some according to its rules. * The solution is both simple and hard because you will need to contact your hosting company support and ask them to unblock such requests by modifying the server and that Apache module rules. * Unfortunately, there is nothing we can do with that inside the plugin itself, as this request does not even reach our plugin code. You can check that by monitoring the Apache `access_log`, which should NOT have the record like this: * ``` https://example.com/wp-admin/options-general.php?page=wp-mail-smtp&tab=auth&code=123ads123sadf&scope=https://www.googleapis.com/auth/gmail.send ``` * I hope that help! Meanwhile, I’m marking this topic as resolved as the issue is in server configuration and the solution is to talk to a host support team. * Thread Starter [crackajax](https://wordpress.org/support/users/crackajax/) * (@crackajax) * [8 years, 5 months ago](https://wordpress.org/support/topic/google-verification-403-error/#post-9792566) * Yes, you were correct. I disabled mod_security temporarily to complete the task. This got it going and then I re-enabled mod_security. Thanks! * [sgarriel](https://wordpress.org/support/users/sgarriel/) * (@sgarriel) * [8 years, 4 months ago](https://wordpress.org/support/topic/google-verification-403-error/#post-9923219) * Wrong Post - This reply was modified 8 years, 4 months ago by [sgarriel](https://wordpress.org/support/users/sgarriel/). Reason: Wrong Post * [gerbentenhove](https://wordpress.org/support/users/gerbentenhove/) * (@gerbentenhove) * [8 years, 4 months ago](https://wordpress.org/support/topic/google-verification-403-error/#post-9948071) * Got the same behavior as TS saw. At least the 1) till 5) that is. But my solution was different. * In my case a security plugin Bulletproof Security (BPS) rated the request from the Google authentication page as malicious and gave the 403. Security Log of BPS said so. * Solution was to add a BPS Custom Code Skip Rule in the wp-admin htaccess file for the specific request that showed up in the security logs. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Google Verification 403 Error’ is closed to new replies. * ![](https://ps.w.org/wp-mail-smtp/assets/icon-256x256.png?rev=1755440) * [WP Mail SMTP by WPForms - The Most Popular SMTP and Email Log Plugin](https://wordpress.org/plugins/wp-mail-smtp/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-mail-smtp/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-mail-smtp/) * [Active Topics](https://wordpress.org/support/plugin/wp-mail-smtp/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-mail-smtp/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-mail-smtp/reviews/) ## Tags * [403 Forbidden](https://wordpress.org/support/topic-tag/403-forbidden/) * 4 replies * 4 participants * Last reply from: [gerbentenhove](https://wordpress.org/support/users/gerbentenhove/) * Last activity: [8 years, 4 months ago](https://wordpress.org/support/topic/google-verification-403-error/#post-9948071) * Status: resolved