post 403 forbidden, wordpress site on justhost

I have a journal application on my WordPress site hosted by Justhost that worked great a couple of weeks ago, but now it will not allow me to add journal entries. On keyup, it is supposed to dynamically send whatever I write in the textarea into the mysql database. I know my database connection is good, because the textarea does display everything I had written previously. I have tried disabling all of the plugins and that did not help, so i suspect this is being caused by WordPress or my hosting provider. I have tried various tweak suggestions to .htaccess, but still get the following error in my console each time I type a key into the textarea:

Error: POST http://myfullname.com/wp-content/themes/myportfolio/updatejournal.php 403 (Forbidden)

Read More

Here are the files:

page-journal.php

<?php 
    session_start();
    include("connection.php");
    if (!$_SESSION['id']) exit( wp_safe_redirect( home_url() . '/privatejournal' ) );
    $query="SELECT journal FROM users WHERE id='".$_SESSION['id']."' LIMIT 1";
    $result = mysqli_query($link, $query);
    $row = mysqli_fetch_array($result);
    $journal = $row['journal'];
?>

<!DOCTYPE html>
  <head>
  </head>

  <body data-spy="scroll" data-target=".navbar-collapse">

    <div class="container contentContainer" id="topContainer">
        <div class="row">
            <div class="col-md-6 col-md-offset-3" id="topRow">
                <textarea class="form-control"><?php echo $journal; ?></textarea>
            </div>
        </div>
    </div>


    <script>
        $(".contentContainer").css("min-height", $(window).height());
        $("textarea").css("height", $(window).height()-110);

        $("textarea").keyup(function() {
            $.post("<?php bloginfo('template_url'); ?>/updatejournal.php", {journal:$("textarea").val()} );
        });
    </script>
  </body>
</html>

updatejournal.php

<?php
    session_start();

    include("connection.php");

    $query = "UPDATE users SET journal='".mysqli_real_escape_string($link, $_POST['journal'])."'WHERE id='".$_SESSION['id']."' LIMIT 1";

    mysqli_query($link, $query);

?>

Various posts I have found on this subject said this may be caused by mod_security, but none of the workarounds they suggested have helped. Here is my .htaccess file:

# Use PHP5.4 as default
AddHandler application/x-httpd-php54 .php

# Changed PHP handler from application/x-httpd-php54 to application/x-httpd-phpbeta on Mon Nov 23 12:39:39 MST 2015.

# For security reasons, Option followsymlinks cannot be overridden.
#Options +FollowSymLinks
Options +SymLinksIfOwnerMatch
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

RewriteCond %{REQUEST_URI} ^/(wordpress|folder1|folder2)/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# Fix 403 errors on existing directories; WordPress overrides.
RewriteCond %{REQUEST_URI} ^/(wordpress)/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Related posts

1 comment

  1. The .htaccess file located in the wp-content folder was corrupted. I went into the text editor and emptied the file. WordPress eventually rewrote the content automatically. Everything works fine now.

Comments are closed.