# Blocked by Hardening Rules

## What This Means

This issue occurs when legitimate requests are being blocked by one or more hardening controls.

This may affect access to certain pages, features, or functionality.

---

## Common Symptoms

- receiving a 403 Forbidden error  
- specific pages or endpoints not loading  
- features or integrations failing  
- inconsistent access depending on location or device  

---

## Why This Happens

Hardening controls restrict access to improve security.

In some cases, these restrictions may:

- block legitimate requests  
- conflict with plugins or themes  
- interfere with integrations or APIs  

This is more likely in environments with custom configurations or external services.

---

## How to Fix It

Try the following steps:

---

### 1. Identify the Blocked Resource

- determine which page, endpoint, or feature is affected  
- note any error messages or response codes  

---

### 2. Review Recent Changes

- identify recently applied hardening controls  
- consider which control may be responsible  

---

### 3. Adjust the Control

- modify the configuration if possible  
- allow necessary access for specific functionality  
- reduce overly strict restrictions  

---

### 4. Test Incrementally

- reapply controls one at a time  
- test after each change  
- confirm which control is causing the issue  

---

### 5. Revert if Necessary

- disable the problematic control  
- restore functionality  
- re-evaluate whether the protection is required  

---

## What to Expect After Fixing

After resolving the issue:

- affected pages or features should function normally  
- appropriate protections can remain in place  
- unnecessary restrictions can be removed or adjusted  

---

## How to Prevent This

- apply hardening controls gradually  
- test functionality after each change  
- understand how controls affect your environment  

---

## When to Seek Help

If the issue persists:

- document the affected functionality  
- note which control is involved  
- include any error messages  
- contact support with details  

---

## Key Principle

Security controls should protect your site without interfering with legitimate use.

---

## Related

- [Unexpected Site Behavior](https://docs.steelwp.com/books/troubleshooting/page/unexpected-site-behavior)
- [Restrict Sensitive Endpoints](https://docs.steelsecurity.com/books/hardening-reference/page/restrict-sensitive-endpoints)
- [Safe Rollback Practices](https://docs.steelsecurity.com/books/plugin-guide/page/safe-rollback-practices)