403 Error in Word press when saving pages or posts.

apache-logoWe recently ran into an issue being rolled on out on a handful of various web hosting companies using the Apache/Cpanel and whm server configuration. This recent server patch which started with one host and we observed as other host providers implemented it later and observed the same error happen these other hosting companies. The issue exists with Apache Mod Security (mod_sec) firewall flags.

THE PROBLEM

wordpress-logoThe error in word press you will see will be a 403 error on saving a page or post.

Another symptom you can’t edit a page or post as a 403 error also gets generated.

This recent patch, has a mod_security setting that has an issue with flagging functionality in wordpress forcing a mod_security flag causing the error.

 

THE FIX

Please note that not every item below is part of the fix, in most cases one of these 4 options will correct the problem. If the problems persist look into tracking the IP addresses via .conf rules to adjust for true attacks vs false positives.

1. In the .htaccess file for wordpress add in a mod_security parameter to disable (mod_security might be compiled to prevent this switch from working or by limiting the .htaccess authorization via AllowOverride settings.

SIMPLE HTACCESS CODE:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off
</IfModule>
# END WordPress

2. In Cpanel you can go to the mod security tab – disable mod security (not all web hosts allow mod security changing through cpanel – some providers restrict it).

3. If you are on a shared/co-host environment you may to contact your hosting support –  tell them you are having a mod security issue related to 403 error and they should be able reset the mod security so your install works correctly.

4 . If you are on a VPS or DEDICATED SERVER you should have access to root folders in cpanel you can edit your conf and mod security rules at  /usr/local/apache/conf/ and edit httpd.conf

Find the configuration item and remove the # symbol.

#LoadModule rewrite_module modules/mod_rewrite.so

NOTE: The other cause of this problem can sometimes be file permissions, permalinks or corrupted .htaccess files, all of which are relatively easy to correct.

 

A Great 2016!

Digitalis Creative had a very amazing 2016 and we are looking forward to an even better 2017! We have many projects already underway for the coming new year! We will be posting some information about them as soon as we are allowed to =)!  Some of the projects we are already working on are a large charity event, software launch and more.

We are looking forward to many exciting opportunities in 2017 with many people and businesses contacting us for help and possible integrated partnership.  Please be patient as we process the requests.

Google geolocation data and audio/video tracking

With all of the Google related services many functions are enabled by default.  If you wish to see what types of data, geo-location data, recording audio etc.

You can see exactly what type of information your devices are sending to Google.  This is more of a quick note for some of our clents to be aware where their data actually goes and how it is tracked.

If you visit the Google link  Google Activity

You will be able to see all the information collected, however there is no way to currently delete ALL items (interesting lack of functionality)

You must click each line item for as long as your history goes back.

You can however pause Google’s ability to record events via camera, mic or other data they are collecting.