- This topic has 4 replies, 3 voices, and was last updated 8 years, 2 months ago by
.
Viewing 5 posts - 1 through 5 (of 5 total)
-
Posts
-
I just installed WPLMS in a brand new Wordpress 4.4.1 install and the top menu login button is triggering a Mod_security 406 error (see below) and preventing login. Disabling Mod_security in cPanel gets rid of the error but is not an option because it will make my server vulnerable to attack. From my error log below it looks like Mod_security thinks I am trying to brute force login on my own site. ModSecurity: Access denied with code 406 (phase 2). Operator GE matched 1 at TX:brute. [file "/usr/local/apache/conf/modsec-imh/40_wordpress.conf"] [line "27"] [id "13052"] [msg "POST to wp-login.php without redirect_to"] [severity "WARNING"] [tag "WEB_ATTACK/SHELL ACCESS"] Why is the WPLMS code triggering a Mod_security error and is there a way around this without disabling it in cPanel?Modern theme uses social logins and it also have ajax registrations which creates user and logins him at the same time . Generally servers do not returns error in this process . There maybe security mod to prevent the direct user creation in your server .I see however I am using the Default theme so your reply doesn't address the issue it seems. What can we do?YOu can disable the mod security in your server and please inatal the wanggaurd plugin to protect site from spam registrations .
Viewing 5 posts - 1 through 5 (of 5 total)
- The topic ‘Mod_security 406 login error [security issue]’ is closed to new replies.