Support » Fixing WordPress » post.php forbidden… sometimes

  • Resolved oldmanstan

    (@oldmanstan)


    why is it that sometimes when i try to post a page i get a Forbidden error. i copy-pasted some content into the visual editor, hit create page and… forbidden. then i delete the content and post a blank page and it works just fine… does WP reject certain things? certain tags maybe? anyone? i’m not familiar with the souce code or i’d try to figure it out myself, thanks!

Viewing 5 replies - 16 through 20 (of 20 total)
  • one last answer: no.

    you are NOT “creating” a security hole, you are disabling a security feature.

    There IS a difference.

    Thread Starter oldmanstan

    (@oldmanstan)

    ok, then i will rephrase… is it a bad idea to disable this particular security feature, in other words should i keep looking for a better solution or is it reasonably safe to leave this feature disabled?

    A bad idea to me might not be a bad idea to someone else. In other words, Im not going to provide reassurance or critique regarding your web site’s security

    Generally speaking, its always better to disable as little as possible when it comes to security. It would follow then, that if a solution exists whereby you can selectively disable mod_security, either on a per-directory or per-file basis, it would be more prudent to take that route.

    Will the sky fall if you let it be? Probably not, but I could always be wrong.

    Security is all about risk management.

    Mod_security protects you against badly written software, nothing more nothing less. So it all comes down on how ‘secure’ the WordPress code is. Or even more important, how good YOU think the WordPress code is.

    Second point to take into account is what kind of info you keep on the box. If it’s mission critical or sensitive information, or if it’s public info anyhow, where the occasional backup is adequate enough.

    Based on these factors, you have to make the choice if you want to take the extra risk you’re running without mod_security.

    I can’t say anything about the second point, but if I look at just the first point, I’d personally leave it running as you have now.

    Thread Starter oldmanstan

    (@oldmanstan)

    thank you

Viewing 5 replies - 16 through 20 (of 20 total)
  • The topic ‘post.php forbidden… sometimes’ is closed to new replies.