ModSecurity Preventing WordPress Save Function

Jan 8, 2020
16
1
3
New Hampshire, USA
cPanel Access Level
Root Administrator
Hi, I am having issues with ModSecurity and the save function on WordPress websites. When I Activate "Do Not Process the Rules" under "Rules Engine" then WordPress saves without a problem. Looking at other posts I didn't seem to find a resolution. I did see someone from cPanel ask a user "If you go WHM>>Security Center>>ModSecurity>>Vendors do you still have the Imunify vendor present?" In my case the answer is no. If you believe this is my issue please let me know how to install this. It looked fairly simple but I wanted to be sure this is ok to do before I researched it and just installed it not fully understanding what I was doing. TIA!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,250
313
Houston
In the instance, I was referencing Imunify, the user was receiving an error specific to imunify. In this case, what is the error you're getting in the apache error logs from mod_security when WordPress saves?
 
Jan 8, 2020
16
1
3
New Hampshire, USA
cPanel Access Level
Root Administrator
Thank you for the reply. There doesn't seem to any errors being recorded, the save function never seems to actually fail. The circle next to the save button just keeps spinning. The only two errors I see being recorded are these:

[Wed Mar 25 05:59:35.242661 2020] [authz_core:error] [pid 30333:tid 47319667623680] [client 74.124.211.139:55464] AH01630: client denied by server configuration: /home/nhwh468702/public_html/.user.ini, referer: https://domain.org/.user.ini

[Wed Mar 25 04:25:19.515028 2020] [access_compat:error] [pid 2610:tid 47319663421184] [client 45.79.163.69:45470] AH01797: client denied by server configuration: /home/nhwh468702/public_html/wp-includes/css/index.php

I recreated the problem just prior to sending this post but do not see any newer errors in the log.
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,250
313
Houston
Neither of those is related to the issue you're experiencing I don't believe. I was looking for the output from mod_security specifically to identify what rule is being hit. You can also see this at WHM>>Security Center>>ModSecurity Tools
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,250
313
Houston
Ok, that's the default which is good but that also is interesting as any hits you get on ModSecurity rules (i.e., if it blocks access to something ) should be logged in the audit log as well as in the hits list. Are you using the default OWASP vendor as well? If so you may want to open a ticket so that we can look into the issue further and identify what rule is being matched that's blocking Wordpress from saving.


Thanks!
 
Jan 8, 2020
16
1
3
New Hampshire, USA
cPanel Access Level
Root Administrator
On the WordPress forum someone mentioned the solution below but I wasn't able to find the etc/apache2/apache2.cnf file. I found the etc/apache2/ folder but that's where I hit a dead end....

This problem definitely looks like a permission problem. If you are using an Apache2 server in a Linux OS you should take a look at the server permissions.

To solve this issue you should edit your /etc/apache2/apache2.conf and set the AllowOverride of the directory /var/www to All.

It should look like this:

<directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
<directory>

After that run:

sudo systemctl restart apache2 && sudo a2enmod rewrite

And restart again:
sudo systemctl restart apache2

If you need more details, this is a helpful (and simple) tutorial:
https://diviextended.com/set-allowoverride-ubuntu-wordpress-permalink-work/