I know numerous folks have asked similar question ... wordpress is in the root folder.
I have restored a Wordpress site mtp and get a 403 error for the home page and also wp-admin. I can access the site using /wp-admin/index.php and I can also access some other pages like /meet-me/
If I enable Wordpress debug and try to open /index.php I get a load of php depreciation warnings - but no errors.
this is my virtual host conf
<VirtualHost *:80>
ServerName michaeltissington.com
ServerAlias www.michaeltissington.com
DocumentRoot /var/www/michaeltissington.com/html
DirectoryIndex index.php, index.html
<Directory "/var/www/michaeltissington.com/html">
AllowOverride All
Options FollowSymLinks
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
LogLevel emerg
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=302]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName michaeltissington.com
ServerAlias www.michaeltissington.com
DocumentRoot /var/www/michaeltissington.com/html
DirectoryIndex index.php, index.html
<Directory "/var/www/michaeltissington.com/html">
AllowOverride All
Options FollowSymLinks
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
LogLevel emerg
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.michaeltissington.com
RewriteRule ^ https://michaeltissington.com%{REQUEST_URI} [END,NE,R=302]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/michaeltissington.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/michaeltissington.com/privkey.pem
</VirtualHost>
</IfModule>
I have deleted and recreated .htaccess
# Browser caching
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType font/woff2 "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/svg+xml "access 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>
# Block User ID Phishing Requests
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} ^author=([0-9]*)
RewriteRule .* https://michaeltissington.com/? [L,R=302]
</IfModule>
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I have made sure file permissions are correct by doing the following
find -type f -exec chmod 644 {} +
find -type d -exec chmod 755 {} +
