Edit: Upon further testing, this appears to be a problem with our server after all, not Matomo. Any request to the server involving that character gets us that 403 response, not just to matomo.php. Apologies for the erroneous bug report!
We're using the HTTP API with the WP-Matomo plugin. (However this seems to be a Matomo problem rather than a WP-Matomo problem.) The
matomo.php requests were responding with 403 Forbidden on every page except for the home page.
After some debugging, we found that the long dash character in the document title (
%E2%80%93) seemed to be causing this error. Almost every document
<title> on our site has the long dash (–) character in it, since it's our separator between the page name and the website name. ex. "Feedback – Site Name". (Which was why the home page request was working; that title is just "Site Name".)
If we make 2 requests via curl (copied from actual requests made on the page), identical except one has the long dash and the other does not, the one with the long dash 403s and the one without responds with 200 OK. (Even though it appears to be properly encoded in the request as
%E2%80%93, like `action_name=Feedback%50%E2%80%93%20Site%20Name'.)
We've been unable to find any logs relating to this error, not in:
/logs/php_error(there's nothing in
Let me know if any other info is needed or if there are any other logs I should be looking in.
Put this in description as well: Upon further testing, this appears to be a problem with our server after all, not Matomo. Any request to the server involving that character gets us that 403 response, not just to matomo.php. Apologies for the erroneous bug report!
Just in case anyone else is having an issue like this, updating with the actual problem: we had a Wordpress install on the server that held our Matomo code. It had a plugin enabled (iThemes Security Pro) which contained a feature to "filter out requests with non-English characters." So the endash was triggering that.