If you're trying to upload a theme or plugin to WordPress and see a 403 error, this could be due to our security system.
If our security detects anything that may look malicious in the upload, it will block the installation.
You can check this by reviewing the Errors in cPanel under the Metrics section:
If you have an entry similar to the following, your upload is considered to be a security threat.
[Sat Jul 15 14:46:12.881892 2023] [error] [client 0.0.0.0]
ModSecurity: Access denied with code 403, [Rule: 'TX:log_cookie_316805' '!@rx ^$']
[id "77316805"] [msg "IM360 WAF: WordPress plugin/theme install. Block malicious upload||
SC://wp-admin/update.php||Name:||Hash:b02a2c761e61ac3feca1c5ebd8577aebf69c6fad||Time:20230715144612||
Addr:0.0.0.0;login:1;get:;upl:1||User:||T:LITESPEED||"] [severity "CRITICAL"] [tag "wp_core"]
[hostname "website.com.au"] [uri "/wp-admin/update.php?action=upload-plugin"]
Note the ModSecurity entry and Access denied
If you're 100% sure what you are uploading is not malicious, you can disable security temporarily by following this guide:
How to temporarily turn off cPanel web hosting security.
If you don't see a security error message in the log, the issue may be related to incorrect INI settings.
Check your upload, timeout and memory settings.
Don't hesitate to contact our helpdesk for more assistance if required.
