Wordpress And Mod_Security
Posted by BYurick | Posted in Hosting and Maintenance | Posted on 09-15-2009
Comments 3
Tags: apache, Security, setup, wordpress
What is mod_security and why should you care? Well it’s been known to cause some headaches with Wordpress. It’s a firewall module in Apache that’s designed to stop attacks before they can happen. Problem is it can cause havoc by getting falsely triggered.
Ever been writing a new post or page and have the auto save lock up on you?
–> Mod_Security
Get a 404 error when trying to post?
–> Mod_Security
Call up your hosting company and talk to support. Tell them the issues you’re having and ask if mod_security is enabled on your account. More than likely they can disable it (at least temporarily) to see if it fixes the issue. Don’t be afraid to call!
If you enjoyed this post, be sure to subscribe to our RSS Feed 
Both have happened to me, and I can’t thank you enough for pointing me to Mod_Security. LiquidWeb, my host, was happy to work with me to adjust the mod_security settings so that the maximum security was maintained while permitting WordPress to function correctly.
its not a good idea to disable mod_security completely! better adust your ruleset properly to get it working with wordpress.
One of my friends, was facing the similar problem and which was fixed after bypassing some mod_security rules. After further searching on this matter, I have found a good article to bypass certain rules for Wordpress:
http://blog.webhostingdiscussion.net/site-and-server-security/wordpress-and-mod_security2-issues.htm
Thanks,
Ritesh