- 4 years, 7 months ago Grwd1ParticipantMember
I just installed WPLMS in a brand new WordPress 4.4.1 install and the top menu login button is triggering a Mod_security 406 error (see below) and preventing login. Disabling Mod_security in cPanel gets rid of the error but is not an option because it will make my server vulnerable to attack.
From my error log below it looks like Mod_security thinks I am trying to brute force login on my own site.
ModSecurity: Access denied with code 406 (phase 2). Operator GE matched 1 at TX:brute. [file “/usr/local/apache/conf/modsec-imh/40_wordpress.conf”] [line “27”] [id “13052”] [msg “POST to wp-login.php without redirect_to”] [severity “WARNING”] [tag “WEB_ATTACK/SHELL ACCESS”]
Why is the WPLMS code triggering a Mod_security error and is there a way around this without disabling it in cPanel?4 years, 7 months ago AlexKeymaster
Modern theme uses social logins and it also have ajax registrations which creates user and logins him at the same time .
Generally servers do not returns error in this process .
There maybe security mod to prevent the direct user creation in your server .4 years, 7 months ago Grwd1ParticipantMember
I see however I am using the Default theme so your reply doesn’t address the issue it seems. What can we do?4 years, 7 months ago raysimSpectator
Ah great! i disabled the modsec in my host and it resolved for me.
I tot it was a plugin issue.
The topic ‘Mod_security 406 login error [security issue]’ is closed to new replies.