Resolved Nginx error 403 -Css not load for admin url

[Aethem]

Server operating system version

Debian 12

Plesk version and microupdate number

18.0.53 Update #2

Hello Plesker,
I did the recommended security changes via the wptoolkit.

After this admin url lost the CSS.

2023-08-02 09:28:20

Error

xx.x.xx.xx.xx

403

GET /wp-admin/load-styles.php?c=0&dir=ltr&load%5Bchunk_0%5D=dashicons,admin-bar,wp-pointer,site-health, common,forms,admin-menu, da shboard,list-tables, edi t,rev isions,media,themes,about,nav-m&load%5Bchunk_1%5D=enus,widgets,site-icon,l10n,buttons,wp-auth-check&ver=6.2.2 HTTP/2.0

371

nginx SSL/TLS acces

I tried to remove the applied security via the pwtoolkit but it was not applied correct.

i.e. remove in wpconfig: define('CONCATENATE_SCRIPTS', false);

WordPress Admin Dashboard is not displayed properly on a website hosted in Plesk: “access forbidden by rule” or “client denied by server configuration” - Support Cases from Plesk Knowledge Base

WordPress Admin Dashboard is not displayed properly on a website hosted in Plesk: “access forbidden by rule” or “client denied by server configuration” - Support Cases - Plesk Knowledge Base

www.plesk.com

I removed the row from the wp-config.php file by hand.

As far as I can see this restrictions is added to /etc/nginx/plesk.conf.d/vhosts/domain.com as well but it's autogenerated and wil be overwritten on any changes. How is the configuration created

Maybe this error causes another applied security via the wptoolkit. I can't be sure it will be removed by unchecking the dependent security block in wptoolkit

Temporaly I disable the WAF in the Plesk Settings with no effort.

Currently I'm lost how to continue with the troubleshooting.

I would be very grateful for help

 

[Peter Debik]

tried to remove the applied security via the pwtoolkit but it was not applied correct.

Could you please describe what you mean by this? Did saving the new setting not work? Or could you not uncheck the checkboxes to save the new configuration?

 

[Aethem]

Hi Peter,

please see my seetings below.

i.e. Disable scripts.. and Disable file editing Status turns not into green after "Secure" it, but the Setting is written to the wp-config.php

 

[Peter Debik]

- Have you verified that the settings exist only exactly once in the wp-config.php file?
- Is it a default wp-config.php file or was it modified in any way?

 

[Aethem]

-I just saw it's a similar entry autogenerated in the nginx config file, but there is no config display in plesk.
-It's default wp-config.php file

 

[Peter Debik]

Something seems to be out of sync between web server configuration, wp-config.php and WP Toolkit. Maybe it can help to "detach" the WP Toolkit from this website, then run "# plesk repair web <your domain name>", clear the unnecessary directives from wp-config, remove the ".wp-toolkit-ignore" file from the document root directory of the website, then "scan" with WP Toolkit again for the website.

 

[Aethem]

Hello Peter,

thank you for your feedback.

-I did the command plesk repair web <your domain name>"
-no costume lines on wp-config
-I don't find .wp-toolkit-ignore

The Css for the admin backend still don't load correct.

 

[Aethem]

 

[Kaspar]

Hello Peter,

thank you for your feedback.

-I did the command plesk repair web <your domain name>"
-no costume lines on wp-config
-I don't find .wp-toolkit-ignore

The Css for the admin backend still don't load correct.

Did you detach the site from the WPT first?

 

[Aethem]

I didn't, sorry.
-I did detach
-Run the Plesk repair command again.
-still cant find the file .wp-toolkit-ignore

BUT, the CSS is loading. Many thanks!

How can I reconnect the wp toolkit?

 

[Kaspar]

Good to read that this solved your issue.

To reconnect your website again to the WP toolkit, remove the .wp-toolkit-ignore file in the document root of your site and afterwards click the "scan" button in the WP toolkit. If you have a lot sites scanning might take a few seconds before your sites get found.

 

[Aethem]

Thank you, now it's solved.