
mod_security blocking my IP when editing post in WordPress

August 27, 2013, by Omar Nofl

While editing a post in the WordPress editor, after a few minutes my IP gets blocked by mod_security automatically and put in the firewall's deny list, and the log shows the security concern "5 in the last 300 secs".

To get back in quickly, I have to restart my modem (or otherwise obtain a new IP) so I can reach the server via SSH or WHM, then delete the blocked IP manually. Here is my environment:

  1. WordPress 3.6
  2. Classic Apache + ModSecurity + CSF/LFD

After much trial and error, I found that this is most likely caused by the WordPress "autosave" and post revision features. While a post is being edited, WordPress keeps autosaving the draft or a post revision at the defined interval, and saving this often easily triggers the mod_security rules.

Here are two solutions:

1. Whitelist WordPress Action

This was suggested by my hosting support: whitelist some common WordPress actions in mod_security. Edit whitelist.conf and put the following rules inside (each LocationMatch block must be closed, otherwise Apache refuses to start):

<LocationMatch "/wp-admin/page.php">
    SecRuleRemoveById 300013 300014 300015 300016 300017
</LocationMatch>

<LocationMatch "/wp-admin/post.php">
    SecRuleRemoveById 300013 300014 300015 300016 300017
</LocationMatch>

<LocationMatch "/wp-admin/admin-ajax.php">
    SecRuleRemoveById 300013 300014 300015 300016 300017
</LocationMatch>

# Note: these two rules switch the ModSecurity rule engine off completely for async-upload.php
SecRule REQUEST_URI "/wp-admin/async-upload.php" "phase:1,nolog,allow,ctl:ruleEngine=Off"
SecRule REQUEST_URI "/wp-admin/async-upload.php" "phase:2,nolog,allow,ctl:ruleEngine=Off"
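
Before removing a whole range of rule IDs, it is worth checking in the Apache error log which IDs actually fire on which URI, and replaying the "5 in the last 300 secs" count that produced the block, so the whitelist stays as narrow as possible. The Python below is an added example for that check; it is not code from this post, from ModSecurity or from CSF. It assumes the Apache 2.2-style error_log lines that ModSecurity 2.x writes (with `[client ...]`, `[id "..."]` and `[uri "..."]` tags), the log lines themselves are constructed, and the 5-hit / 300-second threshold is taken from the log message quoted above.

```python
"""Added example (not part of the original post): tally ModSecurity rule hits
per request URI from an Apache error log, and replay an LFD-style
"N hits from one IP within T seconds" trigger to see which clients get blocked.
The log format and the sample lines below are assumptions/constructed data."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache 2.2-style error line carrying a ModSecurity 2.x message.
# Tag names ([client ...], [id "..."], [uri "..."]) follow ModSecurity's own log format.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[\d.]+)\] ModSecurity: '
    r'(?P<msg>.*?)\[id "(?P<id>\d+)"\].*?\[uri "(?P<uri>[^"]+)"\]'
)
TS_FMT = "%a %b %d %H:%M:%S %Y"

# Constructed sample: one editor whose autosaves hit post.php/admin-ajax.php five
# times in ~4 minutes, plus an unrelated client that trips a rule twice on wp-login.php.
SAMPLE_LOG = """\
[Tue Aug 27 10:00:01 2013] [error] [client 203.0.113.5] ModSecurity: Warning. Pattern match "..." at ARGS:content. [id "300015"] [uri "/wp-admin/post.php"]
[Tue Aug 27 10:01:02 2013] [error] [client 203.0.113.5] ModSecurity: Warning. Pattern match "..." at ARGS:content. [id "300015"] [uri "/wp-admin/post.php"]
[Tue Aug 27 10:02:03 2013] [error] [client 203.0.113.5] ModSecurity: Warning. Pattern match "..." at ARGS:content. [id "300013"] [uri "/wp-admin/admin-ajax.php"]
[Tue Aug 27 10:03:04 2013] [error] [client 203.0.113.5] ModSecurity: Warning. Pattern match "..." at ARGS:content. [id "300015"] [uri "/wp-admin/post.php"]
[Tue Aug 27 10:04:05 2013] [error] [client 203.0.113.5] ModSecurity: Warning. Pattern match "..." at ARGS:content. [id "300016"] [uri "/wp-admin/post.php"]
[Tue Aug 27 10:30:00 2013] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). [id "300013"] [uri "/wp-login.php"]
[Tue Aug 27 10:31:00 2013] [error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). [id "300013"] [uri "/wp-login.php"]
"""


def parse_events(text):
    """Return one dict per ModSecurity line: timestamp, client IP, rule id, URI.
    Lines that do not match the expected format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m.group("ts"), TS_FMT),
            "ip": m.group("ip"),
            "id": m.group("id"),
            "uri": m.group("uri"),
        })
    return events


def rule_hits_by_uri(events):
    """Map each URI to {rule_id: hit_count}. This is the evidence for choosing
    which IDs to put in a per-location SecRuleRemoveById, rather than guessing."""
    table = defaultdict(Counter)
    for e in events:
        table[e["uri"]][e["id"]] += 1
    return {uri: dict(counter) for uri, counter in table.items()}


def clients_over_threshold(events, limit=5, window=300):
    """Replay an LFD-style trigger: flag any IP with `limit` or more ModSecurity
    hits inside a sliding `window` of seconds. Returns {ip: time of the hit that
    crossed the line}. Defaults mirror the "5 in the last 300 secs" message."""
    per_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        per_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, stamps in per_ip.items():
        start = 0
        for end, ts in enumerate(stamps):
            # Drop hits that fell out of the window relative to the newest one.
            while (ts - stamps[start]).total_seconds() > window:
                start += 1
            if end - start + 1 >= limit:
                flagged[ip] = ts
                break
    return flagged


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for uri, hits in sorted(rule_hits_by_uri(evts).items()):
        print(uri, hits)
    for ip, when in clients_over_threshold(evts).items():
        print("would be blocked:", ip, "at", when)
```

Run against a real error_log instead of SAMPLE_LOG (for example `parse_events(open("/usr/local/apache/logs/error_log").read())`) and the per-URI table shows exactly which IDs the editor triggers; in the sample only 300013, 300015 and 300016 ever fire on the wp-admin paths, so a whitelist could be narrower than the five IDs above. Raising the autosave interval, as in the second solution, spreads the hits out so that the sliding-window count never reaches the limit.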

2. Disable Post Revisions

Disable the WordPress post revisions feature, or increase its autosave interval. Edit wp-config.php and add the following:

define('AUTOSAVE_INTERVAL', 300 ); // seconds, 5 mins
define('WP_POST_REVISIONS', false );
