I have a MainWP Dashboard hosted on one server, and I noticed that I can’t upload plugins or themes to sites that are hosted on servers different from where the MainWP Dashboard itself is hosted. (For sites hosted on the same server as the MainWP Dashboard, everything works fine.)
Normal connections (like synchronization, updates, reports, etc.) work, but every operation that involves uploading files via the MainWP Dashboard >>> Child Site (such as sending a .zip) fails and gives a “forbidden” error.
I tested and found that if I upload the file directly through the child site, it uploads normally — so I believe the destination server’s firewall is blocking external requests coming from the IP of the source server.
Note: Even after disabling ModSecurity on the destination server, the error persists.
I’ve already contacted the hosting support, but I’d like to know if anyone here has had the same problem and if they know the solution.
This community site is English-only, so I’ve used machine translation to translate and edit your post.
Please review the translation below and correct it if needed.
For future posts, please write in English so we can assist you properly and ensure others can follow the discussion.
That “Forbidden” message when installing a plugin via ZIP upload to a child site usually means the child site is blocked from fetching the ZIP file from your Dashboard.
If you have any security plugins (like Solid Security, WPO365, Wordfence, etc.) or restrictive .htaccess rules on the MainWP Dashboard site, they might be blocking the request.
Please try temporarily deactivating or removing any security rules and see if that helps.
Additionally, if your MainWP Dashboard site is behind Cloudflare, whitelist its IP or temporarily disable the proxy.
We also have a KB about whitelisting MainWP in Cloudflare’s firewall: Troubleshoot connection problems - MainWP WordPress Management
Solved!
It really was the /wp-admin change.
I needed to create some permission rules within the .htaccess file for the IP addresses of the servers where the child sites are hosted.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.
WordPress® is a registered trademark of the WordPress Foundation, and WooCommerce® is a registered trademark of WooCommerce, Inc. MainWP is an independent product and is not affiliated, associated, or endorsed by the WordPress Foundation, WooCommerce, Inc., or Automattic Inc., except where noted under the Jetpack® API and Trademark License Agreement. All product names, logos, and brands are property of their respective owners and are used for identification purposes only.