This board is only for raising and voting on feature requests (Ideas / Suggestions).
Please raise any Bugs via "Get Help" button on your calendar admin dashboard.

More competability with Security plugins for 403 errors.

Several security plugin options, which increase security to the blog, are causing problems with new requests (changing the month etc.) and are displaying 403 errors.

More information on this support item:

A solution was offered >  disable the several security options.

I understand that this is a 'Solution', but these are only temporary solutions.
I do hope a permanent fix for this problem will be found.

As this is just a minor settings within the security plug ins, for this time I'll disable it.
But these security settings are there to increase the security of the websites and I think most of us will agree that you want to keep your websites as secure as possible. I would consider finding alternate plug-ins, to keep the security settings in place. And I'm taking this into consideration for future projects, I like this event plugin, but security is a hot issue, with some first hand experience in hacked sites, I give this a higher priority at the moment.

As said, I hope a more perminent fix can be found for this problem. And via the forums, the suggestion to put it here was made.

  • Guest
  • Aug 30 2016
  • Planned: All
  • Attach files
  • Admin
    Rik Logtenberg commented
    March 13, 2017 14:42

    Hello! Thanks for raising this issue.

    We are sending it to our technical team. 


    Timely Dev Team

  • Jonathan Eiseman commented
    August 11, 2017 17:01

    This problem occurs when you click on the arrow key to go to the next period. The URL is something like this:

    The All-In-One WP Security plugin has an option to "Enable Advanced Character String Filter". This will add rules to the .htaccess file. Specifically it adds a redirect to 403 if the url contains the tilde character (~).

    This problem could be fixed by not using the tilde character in your url.

  • Kevin Taylor commented
    January 19, 2018 00:52

    I'm experiencing this same issue and see that it was reported well over a year ago (via the Wordpress support link above). Jonathan Eiseman's comment about the "Filter Suspicious Query Strings in the URL" (which is how it is worded in the iThemes Security plugin) solved the issue, but I agree that is a temporary work around not a permanent solution. I'm not a programmer, but it seems like a simple fix.

    Any updates on progress?