Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author AITpro

    (@aitpro)

    “drop” would only be blocked if one of the other conditions is being used in the Query String: (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00) and I do not see that any of these conditions are in the URL that you posted.

    This is the SQL Injection security filter in your root .htaccess file. As an experiment/test remove drop| from the security filter and see if this is actually the problem. Typically what actually occurs in these cases is that your feed has a dangerous coding character in the URL and that is what is actually being blocked. Check your BPS Security Log for the error log entry regarding this URL error. Only post 1 error log entry for this specific error and NOT your entire Security Log. Thanks.

    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]

    Thread Starter Alexandre

    (@0xcafe-1)

    Hi,

    I just removed the word “drop” and it works, no more 403 🙂
    Here’s the exact URL:

    bloguedegeek.net /2013/01/22/mega-dropbox-killer-ou-le-successeur-de-megaupload-les-details/?utm_source=rss&utm_medium=rss&utm_campaign=mega-dropbox-killer-ou-le-successeur-de-megaupload-les-details

    Thanks!

    Plugin Author AITpro

    (@aitpro)

    Ah ok, I see it now.

    There are semi-colons in the Query string so that makes both conditions true. ;utm_medium. When posting this in the WordPress forum the semi-colons are being converted and are not being shown: & amp ;

    That brings up an interesting issue because semi-colons are used in SQL Injection attacks. Will have to look into this some more.
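
Added example (not part of the thread and not the plugin's code): a Python reproduction of the RewriteCond quoted above, run over the query string from the reported URL in its plain form and with the ampersands HTML-encoded as `&amp;`. Python's `re` stands in for Apache's regex engine and `re.IGNORECASE` for the `[NC]` flag; the function and constant names are hypothetical.

```python
import re

# Trigger characters and keywords copied from the RewriteCond quoted in the thread.
TRIGGERS = [";", "<", ">", "'", '"', r"\)", "%0A", "%0D", "%22", "%27",
            "%3C", "%3E", "%00"]
KEYWORDS = [r"/\*", "union", "select", "insert", "drop", "delete", "update",
            "cast", "create", "char", "convert", "alter", "declare", "order",
            "script", "set", "md5", "benchmark", "encode"]


def build_filter(keywords=None):
    """Compile (trigger).*(keyword); re.IGNORECASE stands in for [NC]."""
    words = KEYWORDS if keywords is None else keywords
    pattern = "(" + "|".join(TRIGGERS) + ").*(" + "|".join(words) + ")"
    return re.compile(pattern, re.IGNORECASE)


def blocked_by(query_string, rule=None):
    """Return (trigger, keyword) if the rule would match, else None.

    RewriteCond patterns are unanchored, so search() is the right call.
    """
    match = (rule or build_filter()).search(query_string)
    return (match.group(1), match.group(2)) if match else None


# Query string of the reported URL as it reads with plain ampersands ...
PLAIN_QS = ("utm_source=rss&utm_medium=rss&utm_campaign="
            "mega-dropbox-killer-ou-le-successeur-de-megaupload-les-details")
# ... and with each ampersand HTML-encoded (constructed here for the test).
ENCODED_QS = PLAIN_QS.replace("&", "&amp;")

if __name__ == "__main__":
    # The experiment suggested in the thread: the same rule minus "drop".
    no_drop = build_filter([k for k in KEYWORDS if k != "drop"])
    print("plain        :", blocked_by(PLAIN_QS))
    print("&amp; encoded:", blocked_by(ENCODED_QS))
    print("without drop :", blocked_by(ENCODED_QS, no_drop))
```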

    Plugin Author AITpro

    (@aitpro)

    Experimenting with the pre tag to see if they are displayed or outputted…

    bloguedegeek.net /2013/01/22/mega-dropbox-killer-ou-le-successeur-de-megaupload-les-details/?utm_source=rss&utm_medium=rss&utm_campaign=mega-dropbox-killer-ou-le-successeur-de-megaupload-les-details
    Nope, the code is outputted/rendered and not displaying the semi-colon coding characters. Oh well.

    Thread Starter Alexandre

    (@0xcafe-1)

    Hi,

    Actually I just realized that BP was uninstalled and I still had an old 46.something version of the htaccess.

    I have reinstalled, updated all my htaccess and I don’t get the error anymore. The page works.

    Sorry for all the trouble!

    Plugin Author AITpro

    (@aitpro)

    LOL that is actually great then I do not have to look at the SQL Injection filter. ha ha ha. Thanks for letting me know this.

  • The topic ‘403 for utm_campaign with "bad" word’ is closed to new replies.