403 Forbidden on self GET wp-admin

[thefrosty]

I've been seeing this 403 Forbidden error in my HTTP API Calls for quite some time, and am looking into it.

It's a URL in which can be hit on any WordPress install with the standard DB Update screen (if they aren't blocking such a request). So internally I would expect no such error.

I can hit the /wp-admin/upgrade.php?step=1 on my site in a private non-logged in window, so just trying to understand what else I might be missing.

Current server stats:

• PHP: 8.2.15 (was happening on 8.0 too)
• Apache 2.4.58 (behind nginx reverse Proxy)
• Multisite/multinetwork.

[johnbillion]

That's the standard mechanism that WordPress multisite uses to perform updates on sites within the network. I've no idea why it could return a 403.

This isn't triggered by Query Monitor, despite what the "Component" column says. Sometimes QM will blame itself if it's not sure what triggered the request or if your site uses a non-standard directory structure.

[thefrosty]

Thanks, I'll continue my investigation elsewhere.