WordPress admin ajax 403 Forbidden issue fix

Update Jun 03, 2016:

As a new update when you try to do this action it gives you an option to whitelist the action in question. Something like this.

wordpress-admin-ajax-403-forbidden-issue-fix-whitelistSo it solves this issue for the current user.

Old (outdated ?) story

I am using popular Newspaper theme on few of my websites. While editing theme settings from admin end it suddenly stopped saving theme settings. I tried different thing including inspect element and hence found this in the console. (see admin ajax 403 forbidden message)

wordpress newspaper theme admin ajax 403 Forbidden issue fixclick to enlarge

Next step was to find what caused it

After a good amount of debugging, which included disabling all WordPress plugins and enabling them one by one, I discovered it was Wordfence Security plugin which as a measure to prevent XSS attacks blocked requests sent to admin-ajax.php as they (requests) contained javascript code which I saved to save my Google Adsense code. See Live Traffic log screen from Wordfence Security as below:

error block word fence securityclick to enlarge

What was the Work-around?

Is there a permanent or more smarter solution? I don’t know. Disable Wordfence Security,?? NO, not at all!

However here is what I did in order to fix it for me. Look at the image below:

work around for theme setting not saved problemclick to enlarge

So everytime you wanted to edit theme options, just add your current IP address into this fields. If you have got static IP you could add it permanently and forgot it until your IP is changed. However if you have got dynamic IP like me, add it everytime you want to edit something in your theme including adsense ad code etc. I think if you dont have any javascript code block in your theme settings you may not be wanting to do anything silly such as this or infact you may not be looking at this post at all! :)

Leave a Reply