Title: strpos(): Empty needle in Last modified: February 4, 2021 --- # strpos(): Empty needle in * [EMar](https://wordpress.org/support/users/sounds/) * (@sounds) * [5 years, 3 months ago](https://wordpress.org/support/topic/strpos-empty-needle-in/) * Hi, * Upgraded wordpress and can’t access admin area, can’t edit pages. * Forbidden You don’t have permission to access /main/wp-admin/post.php on this server. * Found this in the site error.log strpos(): Empty needle in /home/user/public_html/ main/wp-includes/plugin.php on line 687 Viewing 2 replies - 1 through 2 (of 2 total) * Thread Starter [EMar](https://wordpress.org/support/users/sounds/) * (@sounds) * [5 years, 3 months ago](https://wordpress.org/support/topic/strpos-empty-needle-in/#post-14005173) * I renamed the plugins folder but no luck, * I went into Centos Web Panel and went to CWP Mod Security Configuration Ticked Off for mod security and now I am able to access the site. But I can’t leave mod security disabled can I? I want o fix it. * While I’m able to access the wp admin area, I downloaded my .htaccess then deleted it from the wp installation, and recreated it in Permalink Settings, * I then enabled mod security again in CWP, site inaccessible again. * Also tried disabling all plugins from wp admin, no luck. * Also if I click Check IP in CWP Mod Security Configuration, I get: IP not found in /usr/local/apache/domlogs/domain.ie.error.log * I looked in that error log and see this: * Pattern match “([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\ +\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\”\\\\’\\\\\\xc2\\xb4\\\\\\xe2\\x80\\ x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}” at REQUEST_COOKIES:wp-settings- 1. [file “/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks. conf”] [line “157”] [id “981172”] [rev “2”] [msg “Restricted SQL Character Anomaly Detection Alert – Total # of special characters exceeded”] [data “Matched Data:& found within REQUEST_COOKIES:wp-settings-1: libraryContent=browse&editor=tinymce& hidetb=1&advImgDetails=show&mfold=o”] [ver “OWASP_CRS/2.2.9”] [maturity “9”] [ accuracy “8”] [tag “OWASP_CRS/WEB_ATTACK/SQL_INJECTION”] [hostname “www.domain. ie”] [uri “/main/wp-admin/admin-ajax.php”] [unique_id “YBx2vFQAhI@7FrxHy28emwAAAFU”], referer: [https://www.domain.ie/main/wp-admin/post.php?post=2&action=edit](https://www.domain.ie/main/wp-admin/post.php?post=2&action=edit) * Would that be the issue ? * Should I add anything to Edit mod security rules for this website? * Any pointers appreciated. - This reply was modified 5 years, 3 months ago by [EMar](https://wordpress.org/support/users/sounds/). - This reply was modified 5 years, 3 months ago by [EMar](https://wordpress.org/support/users/sounds/). * Thread Starter [EMar](https://wordpress.org/support/users/sounds/) * (@sounds) * [5 years, 3 months ago](https://wordpress.org/support/topic/strpos-empty-needle-in/#post-14005393) * I found another solution, * In Centos web panel, go to Security > Mode Security, * In ModSec Rules Profile, Changed from: OWASP Latest (Old Rules come as default with CWP) To: OWASP Latest (Latest with automatic updates). * Enabled mod security again in CWP, now I can access site. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘strpos(): Empty needle in’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 2 replies * 1 participant * Last reply from: [EMar](https://wordpress.org/support/users/sounds/) * Last activity: [5 years, 3 months ago](https://wordpress.org/support/topic/strpos-empty-needle-in/#post-14005393) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics