The HTTP 406 Not Acceptable error usually means that the server cannot generate a response matching the Accept headers sent by the client. While rare, this can happen in WordPress admin AJAX requests due to a few common reasons:
ModSecurity or another Web Application Firewall (WAF) — This is the most frequent reason. ModSecurity might block AJAX requests it considers suspicious — for example, if they include a Content-Type: application/json header or specific POST parameters.
Strict Accept headers from the client — If the JavaScript request sets a very specific Accept header (like application/json), and the server doesn’t support it or filters it, it may return 406.
Blocked request body content — Some hosting providers filter or block certain characters or patterns in POST bodies — like SQL strings, JSON, or base64 — thinking it’s malicious.
Incorrect Content-Type or malformed response in plugin/theme code — If the plugin or theme manually sets headers or outputs a non-standard response, the server may reject it.
How to troubleshoot:
Temporarily disable ModSecurity or ask the hosting provider to whitelist admin-ajax.php — This is often enough to resolve the issue.
Check server logs (access/error logs) — They may show which rule was triggered and caused the 406 response.
Inspect the browser’s developer tools (Network → Headers) — Look at the request and response headers, especially Accept, Content-Type, and the actual response body.
Try making the same AJAX request without a strict Accept header — For example: fetch(url, { headers: { Accept: '*/*' } })
Temporarily disable security plugins like Wordfence, iThemes Security, etc. — These plugins sometimes interfere with admin-ajax calls.
If the above does not help, you should ask the hosting support for help.
