Today we noticed that users which are member of the group “Authors” cannot access “Posts” anymore. When clicking on “Posts”, instead of the list of Posts they got “Forbidden”. It did not affect users without own posts, but as soon they created a post, or someone changed the author of a post to their name, the post-list became “Forbidden.”
Users of groups including the capability “edit_others_posts” were not affected and after adding the capability “edit_others_posts” to the group “Authors” the problem was gone. As this is not an acceptable solution i was looking further, and it showed that:
- deactivating WP fail2ban
instantly fixes the problem.
this is a multisite installation, WP fail2ban is activated network-wide.