Intermittent 403 Forbidden errors in WP Admin (LiteSpeed/ModSecurity block?)

[WsapEvents]

Hi x10hosting support team,

I am experiencing an issue where I am getting stuck in an infinite loop of intermittent 403 Forbidden errors while working in my WordPress backend.

My domain name: https://wsapevents.be/
Hosting Server Name: x10

The Symptoms:

• While working in the WP dashboard (specifically on pages like admin.php?page=sc-orders), my connection suddenly drops with a 403 error.
• It blocks my entire IP address. Every device on my home network gets the 403 error.
• After about 10-15 minutes, the block resolves itself and I can browse again.
• However, once I resume working in the dashboard, the 403 block returns shortly after.

Troubleshooting I've done:
I am using Cloudflare, but I have ruled them out as the cause. I checked the browser DevTools Network tab during a 403 error, and the response headers show:
Server: cloudflare
X-Turbo-Charged-By: LiteSpeed
Because the LiteSpeed header is present, it indicates Cloudflare is passing the request successfully, but the x10hosting origin server is rejecting the request and returning the 403. There is also nothing logged in my WordPress error logs.

My Questions:

• Could staff please check the server's ModSecurity, firewall, or rate-limiting logs for my IP address? It seems like standard background WordPress requests are triggering a false-positive security block. (I am happy to provide my IP address via private message to staff if needed!)
• I have been running this site for a while and this never used to happen in the past, and my workflow hasn't changed. Were there any recent updates to the server's firewall rules or resource limits that might explain why this is suddenly happening now?
  
  

Kind regards,
Robin

 

[mrburnsx]

I have sent it up to an admin to further look. However, me checking your site, I get a 403 pretty quickly (right after your main page loads, anything else is 403) and can not replicate that issue on a clean wordpress installation. I want to say its likely not a "standard" background Wordpress requet, but something else being done in addition to the standard requests

 

[Eric S]

We can not reproduce this when viewing the site. Can you attempt to gather any console logs when you encounter the 403 on your end?

 

[WsapEvents]

Sure. It happens at random but i feel like it happens more frequently on the admin pages than on the public pages. Altho users tell me that they experience it on their side aswell. Just like mrburnsx said.

I am thinking its a plugin / addon which is causing this issue. But i can not see why in the logs. And i didnt yet figure out which one it is.

If you need more info i can provide you with it if you want.

Already a big thanks for looking into this.

 

[WsapEvents]

I have analyzed my server logs and identified that the block is happening at the server level (LiteSpeed) rather than within WordPress itself.

The Evidence:
My LiteSpeed error log shows the following entries at the exact moment of the block:
[INFO] Client IP from header: [MY_IP_ADDRESS], conn limit: 200, cur conns: 4, access: 3, overlimit: 1s, access denied

The Trigger: The issue seems to be easily to reproduce by using the SureCart plugin. Modern WordPress plugins like SureCart use the WordPress REST API to load dashboard data. When I navigate to the "Orders" or "Invoices" page, the browser sends multiple simultaneous requests to /wp-json/surecart/v1/ to fetch data. Even though I only have 4 active connections, i suspect the "burst" of requests within a 1-second window appears to be triggering the LiteSpeed "Per IP Throttling" or "Connection Limit" settings.

Do you perhaps have more logs about this issue so i can more accurately pinpoint the issue?