403 forbidden error in the admin panel as well as on the admin-ajax.php file

Question

I am using WordPress, My website was working perfectly until I changed the file permission.

admin-ajax.php is showing 403 forbidden error and the rest of the file is working.

due to a 403 error, My website is completely down and now I am not able to understand what permission I have to set for this file. I have tried 777,755,644,640 but still I am getting 403 error

I thought let me login in admin panel and deactivate the plugin but my admin panel is showing like below image. But, I am 100% sure there is no issue with the plugin. I have deleted the htaccess file and added the new one but still same issue

I have added the below code in the wp-config.php file and it's showing perfectly but if I click on any of the menus like, plugin, setting, tool, post, or pages, all the pages are showing 403 forbidden

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
define( 'CONCATENATE_SCRIPTS', false );
define( 'SCRIPT_DEBUG', true );

Any idea what permission I have to set? I am using an AWS server.

I am not 100% sure but I can see that all the folders have a .htaccess file created and found the below code. I haven't created that file yet. Is this the correct code?

<FilesMatch ".(py|exe|php)$">
 Order allow,deny
 Deny from all
</FilesMatch>
<FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|admin.php|wp-login.php)$">
 Order allow,deny
 Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Answer 1

You need to check for the file permission and contact your hosting provider regarding this issue.

Answer 2

The Ubuntu OS (which you're running on your rented AWS server) uses the www-data:www-data user and group to run the Apache web server. Usually that's a different user and group from your shell user.

So try making your files owned by that user. If your top-level directory is /var/www try this to change the ownership and the permissions of your files.

cd /var/www
sudo chown -R www-data:www-data .
sudo find . -type f -exec chmod a+r {} \;
sudo find . -type d -exec chmod a+rx {} \;

Then, whenever you operate on your files from your shell user, do so with the www-data user. For example, if you use wpcli do this sort of thing, prefixing your shell commands with sudo -u www-data.

sudo -u www-data wp config list

Note: without web server access to admin-ajax.php WordPress doesn't work properly.

If this doesn't work for you ask another question and show us the output of the shell command ls -alh /var/www/wp-admin/admin-ajax.php so we can see your file protection.

Answer 3

First you try to disable all of your plugin/theme from FTP or Cpanel, may be any plugin cause an issue. Secondly if issue not solve you can replace your .htacess file through Cpanel or ftp

Answer 4

if you are using security plugin something like wordfence or ithemes Security, you need to whitelisted url in your security plugin settings.