ModSecurity causing issues with WordPress Plug ins

Status
Not open for further replies.

hunky

New member
Hello,

I have just installed WordPress and didn't like the new block editor. One intimidate solution is to use the WordPress Plug in Classic Editor (by WordPress team) to get the familiar interface.

However this plug in is generating error 404 when I am trying to post or even save a draft (with post.php file). After a bit of reading, it seems to be a common problem with ModSecurity. However as an user I don't have any access to configure the mdsecurity rules from server side and it is said to be the job for server admins.

Keeping the ModSecurity disabled in cPanel for my sub domain (under which I have installed the WordPress) is making the installation work fine. For the time being, I am keeping it disabled and herewith I am drawing the attention of the server admins to look into the issue to configure the modsecurity in a way so that wordpress can function properly.

I do beg your pardon if I am not understanding the issue properly and there is something else I may need to do at my end to make it function properly. Please do understand, I am not a certified server admin.

If you wish to check and recreate the issue, simply install wordpress along with classing editor and try to edit a post or compose a new post to publish or save that as a draft.

Thanks.
 

Genesis

Administrator
Staff member
hunky said:
Keeping the ModSecurity disabled in cPanel for my sub domain (under which I have installed the WordPress) is making the installation work fine. For the time being, I am keeping it disabled and herewith I am drawing the attention of the server admins to look into the issue to configure the modsecurity in a way so that wordpress can function properly.

Hi Hunky. Thank you for the detailed feedback and reminder about modsecurity issues which as you know is also a problem with the Forum. I've been repeatedly pleading with our Tech Admin to check the issue and see whether disabling modsecurity on the server side will help but looks as though our Tech Admin on the server side is unavailable for a while now. I don't want to turn it off myself on the server side as ModSecurity is there for a reason - if a decision is made to disable it I'd prefer it to be our Chief Tech Admin who is in control on the server side.

HOWEVER, have you checked your cPanel as you do have the ability to turn ModSecurity on or off for all of your domains or sub-domains. You need to check the ModSecurity tool in the Security section of the cPanel tools. You can then tick it on or off that way.

QNf4IWn.png


While I was doing my research, I also discovered an article from cpanel recommending that when one does any development of a Website to turn ModSecurity off during the development phase, as it is bound to trigger the ModSecurity 403 error. Then once development or changes have been completed to turn it back on. I know that's a pain. But I'm curious. After you turned off ModSecurity for your sub-domain and made the changes successfully, have your tried to turn it back on again for protection?

Not sure whether you knew about the security tool in cpanel, but if not, maybe that would be an easy way to work on your Websites and have them protected at the same time. As ModSecurity is there for a good reason. I.e., when you decide to work on a site to turn the modsecurity off first for the domain of the site, and once it is up and running turn it back on.
 

Genesis

Administrator
Staff member
Marked as solved.

Feel free to open a new topic if you have any questions, issues, suggestions or feedback
 
Status
Not open for further replies.