How can I whitelist a URL via .htaccess?

If you go to http://www.t**** and click on the profile icon you will get a login form - Try and login with any of the social media icons - it gives the following error:

“Forbidden: You don't have permission to access /wp-content/plugins/wordpress-social-login/hybridauth/ on this server.”

When I troubleshooted the Wordpress Social Login plugin the following is said:
404, or 403 HTTP Error.
This issue usually happen when :
There is a .htaccess file who prevent direct access to the WordPress plugins directory.
Your web host uses mod_security to block requests containing URLs (eg. hosts like HostGator, GoDaddy and The Planet).
In any of these two cases, WSL requires this url to be white-listed:

As suggested during the chat, I tried to place a .htaccess file in that directory (/wp-content/plugins/wordpress-social-login/hybridauth/) with the following rule (for Apache 2.4 and above):

<Files *.php>
Require all granted

But I’m still getting the same error. Is there any other way to whitelist a URL via .htaccess or another way to achieve this?

Thank you very much for your help.

  • James Morris
    • WordPress Enthusiast

    Hello Liesl van Wyk

    You were very close with your .htaccess! With the following change, I was able to get this to work for you.

    <Files *.php>
    Order allow,deny
    Allow from all

    This was placed in ~/wp-content/plugins/wordpress-social-login/hybridauth

    Please note that what was causing this was our Defender plugin's prevent PHP execution security tweak. By dropping the .htaccess in that plugin's folder, this "whitelisted" that plugin's php files and allowed them to run.

    Also, in my testing, I noticed you haven't yet set your domain as among the allowed OAuth Domains in your Facebook app. Please be sure to do that for full functionality.

    Best regards,

    James Morris

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.