Title: WP_STATISTICS\Admin_Notices->enable_rest_api() Last modified: November 21, 2022 --- # WP_STATISTICS\Admin_Notices->enable_rest_api() * Resolved [Peter Smits](https://wordpress.org/support/users/psmits1567/) * (@psmits1567) * [3 years, 6 months ago](https://wordpress.org/support/topic/wp_statisticsadmin_notices-enable_rest_api/) * Hi My statistics overview page does not work It appears that the rest api call is blocked I get a 403 error on this call [https://xxxx.com/wp-json/wp-statistics/v2/hit](https://xxxx.com/wp-json/wp-statistics/v2/hit) What is causing this problem, because WordPress health does report that the REST API is active and working I disabled all plugins, and my .htaccess file without succes Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Mostafa Soufi](https://wordpress.org/support/users/mostafas1990/) * (@mostafas1990) * [3 years, 6 months ago](https://wordpress.org/support/topic/wp_statisticsadmin_notices-enable_rest_api/#post-16221988) * Hi, * Can you please check the response of the HTTP request on your **Network > XHR**? I guess your webserver is blocked due to some reason. * [https://wp-statistics.com/resources/troubleshoot-with-cache-plugins/](https://wp-statistics.com/resources/troubleshoot-with-cache-plugins/) * Thread Starter [Peter Smits](https://wordpress.org/support/users/psmits1567/) * (@psmits1567) * [3 years, 6 months ago](https://wordpress.org/support/topic/wp_statisticsadmin_notices-enable_rest_api/#post-16222512) * I checked your suggestion, but there are no XHR errors to see in Network The below lines are from my console `jquery.js?ver=3.6.1:10135 XHR finished loading: POST “[https://xxxx.com/wp-admin/admin-ajax.php”](https://xxxx.com/wp-admin/admin-ajax.php”);. send @ jquery.js?ver=3.6.1:10135 ajax @ jquery.js?ver=3.6.1:9716 jQuery.ajax @ jquery-migrate.js?ver=3.3.2:305 connect @ heartbeat.js?ver=6.1.1:416 (anonymous) @ heartbeat.js?ver=6.1.1:511 Navigated to [https://xxxx.com/wp-admin/admin.php?page=wps_overview_page](https://xxxx.com/wp-admin/admin.php?page=wps_overview_page) jquery-migrate.js?ver=3.3.2:69 JQMIGRATE: Migrate is installed with logging active, version 3.3.2 jquery.js?ver=3.6.1:3832 [Violation] ‘setTimeout’ handler took 82ms jquery.js?ver=3.6.1:3832 [Violation] ‘setTimeout’ handler took 71ms jquery. js?ver=3.6.1:3832 [Violation] ‘setTimeout’ handler took 181ms jquery.js?ver=3.6.1: 3832 [Violation] ‘setTimeout’ handler took 65ms [Violation] Forced reflow while executing JavaScript took 37ms jquery.js?ver=3.6.1:3832 [Violation] ‘setTimeout’ handler took 63ms jquery.js?ver=3.6.1:10135 XHR finished loading: GET “[https://xxxx.com/wp-json/wp-statistics/v2/metabox?name=summary&_=1669110277078”](https://xxxx.com/wp-json/wp-statistics/v2/metabox?name=summary&_=1669110277078”);. send @ jquery.js?ver=3.6.1:10135 ajax @ jquery.js?ver=3.6.1:9716 jQuery.ajax @ jquery-migrate.js?ver=3.3.2:305 t @ admin.min.js?ver=1669110276:1 c.ajaxq @ admin.min.js?ver=1669110276:1 d.ajaxQ @ admin.min.js?ver=1669110276:1 d.run_meta_box @ admin.min.js?ver=1669110276:1 (anonymous) @ admin.min.js?ver=1669110276:1 d. run_meta_boxes @ admin.min.js?ver=1669110276:1 (anonymous) @ admin.min.js?ver =1669110276:1 mightThrow @ jquery.js?ver=3.6.1:3766 process @ jquery.js?ver=3.6.1: 3834 setTimeout (async) (anonymous) @ jquery.js?ver=3.6.1:3872 fire @ jquery. js?ver=3.6.1:3500 fireWith @ jquery.js?ver=3.6.1:3630 fire @ jquery.js?ver=3.6.1: 3638 fire @ jquery.js?ver=3.6.1:3500 fireWith @ jquery.js?ver=3.6.1:3630 ready @ jquery.js?ver=3.6.1:4110 completed @ jquery.js?ver=3.6.1:4120 chunk-frontend- vendors.js?ver=1669110276:13 XHR finished loading: POST “[https://xxxx.com/wp-admin/admin-ajax.php”](https://xxxx.com/wp-admin/admin-ajax.php”);.( anonymous) @ chunk-frontend-vendors.js?ver=1669110276:13 t.exports @ chunk-frontend- vendors.js?ver=1669110276:13 t.exports @ chunk-frontend-vendors.js?ver=1669110276: 13 Promise.then (async) c.request @ chunk-frontend-vendors.js?ver=1669110276: 1 o.forEach.c. @ chunk-frontend-vendors.js?ver=1669110276:1 (anonymous) @ chunk-frontend-vendors.js?ver=1669110276:1 (anonymous) @ chunk-common.js?ver =1669110276:1 a @ chunk-common.js?ver=1669110276:1 Rt @ chunk-common.js?ver=1669110276: 1 (anonymous) @ chunk-frontend-vendors.js?ver=1669110276:13 y.dispatch @ chunk- frontend-vendors.js?ver=1669110276:13 dispatch @ chunk-frontend-vendors.js?ver =1669110276:13 (anonymous) @ frontend.js?ver=1669110276:1 (anonymous) @ chunk- common.js?ver=1669110276:1 tryCatch @ regenerator-runtime.js?ver=0.13.9:63 invoke @ regenerator-runtime.js?ver=0.13.9:294 (anonymous) @ regenerator-runtime.js? ver=0.13.9:119 r @ chunk-frontend-vendors.js?ver=1669110276:20 c @ chunk-frontend- vendors.js?ver=1669110276:20 (anonymous) @ chunk-frontend-vendors.js?ver=1669110276: 20 (anonymous) @ chunk-frontend-vendors.js?ver=1669110276:20 (anonymous) @ chunk- common.js?ver=1669110276:1 (anonymous) @ chunk-frontend-vendors.js?ver=1669110276: 13 y.dispatch @ chunk-frontend-vendors.js?ver=1669110276:13 dispatch @ chunk- frontend-vendors.js?ver=1669110276:13 o.dispatch @ chunk-frontend-vendors.js? ver=1669110276:13 ye @ chunk-common.js?ver=1669110276:1 (anonymous) @ chunk-frontend- vendors.js?ver=1669110276:13 y.dispatch @ chunk-frontend-vendors.js?ver=1669110276: 13 dispatch @ chunk-frontend-vendors.js?ver=1669110276:13 mounted @ frontend. js?ver=1669110276:1 ne @ chunk-frontend-vendors.js?ver=1669110276:7 Un @ chunk- frontend-vendors.js?ver=1669110276:7 In @ chunk-frontend-vendors.js?ver=1669110276: 7 Sr.$mount @ chunk-frontend-vendors.js?ver=1669110276:7 (anonymous) @ frontend. js?ver=1669110276:1 load (async) d67f @ frontend.js?ver=1669110276:1 i @ frontend. js?ver=1669110276:1 4 @ frontend.js?ver=1669110276:1 i @ frontend.js?ver=1669110276: 1 n @ frontend.js?ver=1669110276:1 (anonymous) @ frontend.js?ver=1669110276:1( anonymous) @ frontend.js?ver=1669110276:1 jquery.js?ver=3.6.1:10135 XHR finished loading: GET “[https://xxxx.com/wp-json/wp-statistics/v2/metabox?name=browsers&_=1669110277079”](https://xxxx.com/wp-json/wp-statistics/v2/metabox?name=browsers&_=1669110277079”);. send @ jquery.js?ver=3.6.1:10135 ajax @ jquery.js?ver=3.6.1:9716 jQuery.ajax @ jquery-migrate.js?ver=3.3.2:305 t @ admin.min.js?ver=1669110276:1 i @ admin. min.js?ver=1669110276:1 fire @ jquery.js?ver=3.6.1:3500 fireWith @ jquery.js? ver=3.6.1:3630 done @ jquery.js?ver=3.6.1:9822 (anonymous) @ jquery.js?ver=3.6.1: 10083 load (async) send @ jquery.js?ver=3.6.1:10102 ajax @ jquery.js?ver=3.6.1: 9716 jQuery.ajax @ jquery-migrate.js?ver=3.3.2:305 t @ admin.min.js?ver=1669110276: 1 c.ajaxq @ admin.min.js?ver=1669110276:1 d.ajaxQ @ admin.min.js?ver=1669110276: 1 d.run_meta_box @ admin.min.js?ver=1669110276:1 (anonymous) @ admin.min.js?ver =1669110276:1 d.run_meta_boxes @ admin.min.js?ver=1669110276:1 (anonymous) @ admin.min.js?ver=1669110276:1 mightThrow @ jquery.js?ver=3.6.1:3766 process @ jquery.js?ver=3.6.1:3834 setTimeout (async) (anonymous) @ jquery.js?ver=3.6.1: 3872 fire @ jquery.js?ver=3.6.1:3500 fireWith @ jquery.js?ver=3.6.1:3630 fire @ jquery.js?ver=3.6.1:3638 fire @ jquery.js?ver=3.6.1:3500 fireWith @ jquery. js?ver=3.6.1:3630 ready @ jquery.js?ver=3.6.1:4110 completed @ jquery.js?ver= 3.6.1:4120 * Thread Starter [Peter Smits](https://wordpress.org/support/users/psmits1567/) * (@psmits1567) * [3 years, 6 months ago](https://wordpress.org/support/topic/wp_statisticsadmin_notices-enable_rest_api/#post-16222832) * Hi, I may have found the reason why the page is not working This is what I found in the server log `[Tue Nov 22 10:09:41.581359 2022] [:error] [pid 8029:tid 139702778644224][ client 5.132.73.70:33712] [client 5.132.73.70] ModSecurity: [file "/etc/httpd/ conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"] [line "523"] [id " 340165"] [rev "292"] [msg "Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)"] [data "/wp-json/wp-statistics/v2/hit?_=1669067933& _wpnonce=f97f6fb512&wp_statistics_hit_rest=yes&referred=https://xxxx.com&exclusion_match =no&exclusion_reason&track_all=1¤t_page_type=home¤t_page_id=8&search_query& page_uri=/"] [severity "CRITICAL"] Access denied with code 403 (phase 2). Pattern match "=(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2? |cp)|dict|expect|(?:ht|f)tps?)://" at REQUEST_URI. [hostname "psmits.com"] [uri"/ wp-json/wp-statistics/v2/hit"] [unique_id "Y3yR1R6Bebl7NE3b6KPq6gAAABQ"], referer: https://xxxx.com/` * Seems that the server is blocking the page due to what they call a “Injection attempt” * Plugin Author [Mostafa Soufi](https://wordpress.org/support/users/mostafas1990/) * (@mostafas1990) * [3 years, 5 months ago](https://wordpress.org/support/topic/wp_statisticsadmin_notices-enable_rest_api/#post-16292296) * Hi, * That’s correct, can you please put this endpoint in your white list of the firewall? [https://wiki.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules#Step_5:_Create_the_whitelist_file](https://wiki.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules#Step_5:_Create_the_whitelist_file) Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘WP_STATISTICS\Admin_Notices->enable_rest_api()’ is closed to new replies. * ![](https://ps.w.org/wp-statistics/assets/icon.svg?rev=3081064) * [WP Statistics – Simple, privacy-friendly Google Analytics alternative](https://wordpress.org/plugins/wp-statistics/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-statistics/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-statistics/) * [Active Topics](https://wordpress.org/support/plugin/wp-statistics/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-statistics/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-statistics/reviews/) * 6 replies * 2 participants * Last reply from: [Mostafa Soufi](https://wordpress.org/support/users/mostafas1990/) * Last activity: [3 years, 5 months ago](https://wordpress.org/support/topic/wp_statisticsadmin_notices-enable_rest_api/#post-16292296) * Status: resolved