In this article, you will discover how to fix ModSecurity issues for WordPress & BBPress.
Mod Security (modsec), a strict security measure that occasionally disrupts website functionality, becomes the reason behind WordPress and BBPress troubles after the website is moved to a new host and upgraded the server software.
Problems:
- WordPress: I couldn’t create/edit posts or upload media.
- BBPress: Posting replies failed, triggering server errors.
The solution involved disabling specific ModSec rules for affected scripts.
Follow the simple steps:
- Find and edit the ModSec configuration file (e.g., /usr/local/apache/conf/modsec2/exclude.conf).
- For WordPress, add these rules for affected scripts:
<locationmatch “/wp-admin/admin-ajax.php”> SecRuleRemoveById 300013 300015 300016 300017 949110 980130 </locationmatch>
- For BBPress, add this rule:
<locationmatch “/bb-post.php”> SecRuleRemoveById 300013 300015 300016 300017 </locationmatch>
- Update ModSec settings in the main config (/usr/local/apache/conf/modsec2.conf) by including the whitelist file:
Include “/usr/local/apache/conf/modsec2.user.conf”
- Restart Apache.
This way the issue gets fixed by modifying ModSec rules without compromising overall security. If you are on shared hosting, you may ask your host to make these changes.
For additional assistance, contact our support specialists.