Thank you for the review. Are you able to find the “Save All Changes” button under the “Plugin Settings” panel? Let me know how I can help, thank you.
Thank you very much for your quick reply. Yes, there was a button, but after clicking the message “You are not authorized to start this action.” (or similar) with “white page” came up. This, even though i am the admin of the page.
The blank white page means an error has happened. Normally there are no errors with the plugin. In order to find out the cause of the error, you can examine your site’s error log. There you will find a log entry (or multiple entries) each time the error happens. Ask your web host how/where to view the log file on your server if needed, thank you.
Dear Jeff, thanks a lot indeed for your answer. Yes, the blank page does not seem to show something nice. π As soon, as i am clicking the “save changes” (german: alle Γ€nderungen speichern) button, the error occures – for an unknown reason. I have tried and analyzed many things, but without success. Bitter. Anyways: Let me list you some actions, i made: 1. Disabled all plug-ins. 2. Installed peepso and the usp peepso integration. 3. cleaned up my db before installing usp. 4. removed any plug-in, that could get in conflict with usp. Nothing helped. I also contacted the nice peepso people (awaiting reply). Question: Do i need to have special user rights (“privileges”) – even though i am ADMIN? To let you know, what i want to do: I SIMPLY want to change some USP user form settings (disable “name”, “e-Mail” and other fields), activate the graphical text ui and activate the image upload. I also would like to have the pro version for more features. Thanks a lot.
-
This reply was modified 3 months ago by
tomlandon.
Thank you for the detailed reply, it is appreciated.
Basically there are two good ways to get information for troubleshooting and figuring out what is happening. The first as mentioned is to simply examine the site’s error log. That would tell us exactly the cause of the blank white screen. See my previous reply for more details.
And the other way that would be super useful is to temporarily deactivate all other plugins, switch to the default WP theme, and then try again. I would be glad to provide a guide that explains this basic troubleshooting technique in more detail if it might be useful for you.
Let me know how I can help, thank you.
This error occured also with other plug-ins BEFORE i removed “Booknetic” (PRO). Seriousely: I removed “Booknetic” – and all other plug-ins worked great again. But not USP. Got no refund. π
I GUESS, this issue is still related with the plugin, i named above. AND: Before peepso i used to have “vikinger” – also a great theme, BUT the same issue with USP. As i wrote: I think, the plug-in i named above limited my admin rights. What i have found, are privileges named with “0”, “1” and “2”. So instead of “read_conent” or “change_users” those show digits (numbers). STRANGE.
By the way: I also tried other “front page submission” plug-ins – and had not this issue. But: None of those has been as complete, as yours USP.
-
This reply was modified 3 months ago by tomlandon.
Understood. Thanks again for all the detailed information. It sounds like a potential conflict with another plugin, perhaps regarding user permissions as you mention. Let me know if you are able to check the error log for the exact description of the error, or feel free to post again if I may provide any further information. I am glad to help anytime, thank you.
I apologize for consuming so much time. Here is the error log:
[Fri Dec 12 09:26:14.027115 2025] [:error] [pid 3206970:tid 3206982] [remote 37.76.6.91:39736] [client 37.76.6.91] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?:< ?script|< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\\:/|document\\.write ?\\(|(?:<|< ?/) ?(?:(?:java|vb)script|applet|activex|chrome|qx?ss|embed)|< ?/?i?frame\\b|< ?img src ?=|< ?base href ?=)” at ARGS:usp_options[auto_image_markup]. [file “/etc/httpd/modsecurity.d/modsec/10_asl_rules.conf”] [line “1131”] [id “340148”] [rev “156”] [msg “Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack”] [data “<img src=”] [severity “CRITICAL”] [hostname “expertom.pro”] [uri “/wp-admin/options.php”] [unique_id “aTwmBnNz-evj8tWV_-eiDQAAFAo”], referer: https://expertom.pro/wp-admin/options-general.php?page=user-submitted-posts
Okay thanks, that is very useful. In order to proceed please send a quick email via our contact form, and we can continue troubleshooting from there. Thank you.
-
This reply was modified 3 months ago by
Jeff Starr.
<?php
/**
* Plugin Name: USP ModSecurity Fix
* Description: Prevents ModSecurity rule 340148 from triggering by escaping <img> markup in USP settings before saving.
* Version: 1.0.0
* Author: Tom Landon
*/
if (!defined('ABSPATH')) {
exit;
}
/**
* Escape <img> in USP settings before saving
*/
add_filter('pre_update_option_usp_options', function($new_value, $old_value) {
if (isset($new_value['auto_image_markup'])) {
// Escape <img ...> tags to avoid triggering ModSecurity
$new_value['auto_image_markup'] = preg_replace_callback(
'/<\s*img[^>]*>/i',
function($matches) {
return esc_html($matches[0]);
},
$new_value['auto_image_markup']
);
}
return $new_value;
}, 10, 2);
This could fix it. Just a small plug-in for your users.
Excellent, I will add a note about this in the plugin documentation so it can help any other users who are using ModSecurity. Thank you, @tomlandon.
