ModSecurity is a web application firewall that can help protect your website from various types of attacks. However, it can sometimes interfere with legitimate requests, such as when using the WordPress Theme editor. In this case, you can create exclusion rules to allow the Theme editor to function properly. Here’s an example of how you can do this:
- Locate the ModSecurity configuration files on your server. These are typically located in the /etc/httpd/conf.d/ or /etc/modsecurity/ directory.
- Open the modsecurity.conf or modsecurity_crs_10_config.conf file.
- Add the following exclusion rule at the bottom of the file:
This will disable the rule that is blocking the Theme editor.
- Check the rules that are blocking the theme editor, you can do that by checking the error logs, and find the rule id then add the SecRuleRemoveById id_rule in the modsecurity.conf or modsecurity_crs_10_config.conf file
- Restart the Apache web server for the changes to take effect:
sudo service apache2 restart
- Test the Theme editor to make sure it is working properly.
Please note that this is just an example, and the exact steps may vary depending on your server’s configuration. It’s important to review the error logs and identify the rule that is causing the problem, and to make sure that the rule is actually blocking the theme editor, and not blocking something else. It’s also important to make sure that this exclusion rule does not affect the security of your website and that the theme editor is not vulnerable.
If you are not familiar with the server’s configuration, you may want to consider hiring a developer or a professional service to fix the issue.
Last modified: January 13, 2023