Just had a thought that it might not have been the salts… I am going to do some testing and come back with my findings as it may have even been the “hide backend” feature. I will edit this post once I have found the culprit. i wanted to delete the post but I don’t think I have enough “trust” with discourse.
I am exceptionally new to Bedrock and started playing around with it today.
I don’t usually use the advanced option in iThemes security to regenerate new Wordpress salts but have done so successfully in the past. But as I was testing out Bedrock I thought I’d go hard and activate all kinds of things to see if it all works the same as a general Wordpress install. When using this option it causes a 403 Forbidden error across the entire site.
I am assuming this is due to how Bedrock handles Wordpress Salts?