mod_security Preventing Saving of Plugin Settings

In certain scenarios, the “ModSecurity” server setting will interfere with and disrupt this plugin. The reason this happens is because some ModSecurity configurations will falsely flag the settings page’s requests as a potential threat to the security of the system and will throw a 403 Forbidden or 500 Internal Server error.

You may also receive an ambiguous 404 Not Found error if your server has not been set up to correctly serve 500 Internal Server errors.

See below for a few tips on how to work around this issue.

.htaccess Rule Override

It is sometimes possible to disable ModSecurity using an .htaccess rule. You can try placing the following in your root directory’s .htaccess file to disable ModSecurity for admin.php, the file we leverage to send the plugin’s settings data to the server for storage.

Disable ModSecurity

This is fastest and most effective fix for this issue but not very ideal. This is extremely effective in determining whether or not this is actually a ModSecurity issue or not.

If you determine that ModSecurity is causing the settings page to fail you could have your host check the ModSecurity logs, which contain a reference to the exact rule that is triggering this issue. With this information, you may be able to work with your host to have them change their ModSecurity rules to allow the plugin to function correctly, as no dangerous information is actually submitted to the server when attempting to save the settings.


Tekanewa has written 35 articles

Hi there, I am the Lead Developer here at Tekanewa Scripts by Kraut Coding; well, to be honest, I'm also the only developer. I love to create something beautiful and useful for Websites and here I write about how to use them. :)