A few days ago, I got an email about problems with comments on this blog. When you tried to post a comment you only got this error message:
Forbidden
You don’t have permission to access /wp-comments-post.php on this server.
If you search for this error for WordPress, you get plenty of answers. However, most of them are full of ads and hide their solution behind a wall of text. I finally found a good way to check what is wrong:
- Check if the permissions of the wp-comments-post.php file are different to the other sites
- Check if there is an entry in the .htaccess file about wp-comments-post.php
In my case there was an entry in the .htaccess file and it even included the plug-in that created this entry:
As it turns out, the last update of the iThemes Security plug-in to version 7.5.0 blocked all comments. Not only the spam, but everything. I had to disable the comment protection to get comments back online. You can find those settings under the Security navigation block. From there, go to WordPress Tweaks and click on Configure Settings:
In this list of options, you need to scroll down to Comment Spam and disable this option:
As soon as you click on the Save Settings button on the left side, the entry in the .htaccess file is removed and your readers can comment on your posts again.