Users are getting locked out of the server by ModSecurity for cPanel. Checking the log, I find error messages like:
“Cross-site Scripting (XSS) Attack. Matched signature <.cookie>”] [severity “CRITICAL”] [hostname “**redacted**”] [uri “/wp-content/plugins/simple-notices/js/jquery.cookie.js”]
Any chance you can update the plugin so that it does not generate files with the word “cookie” in the file name?
Thanks for the speedy reply. It would appear that the block is caused by the word “cookie”. After seeing about a dozen of these blocks over the last 24 hours, I Googled the error message and found that one user had rewritten the plug-in and associated files to use “.wookie” instead of .cookie and the problem resolved.
Since you say that the jquery.cookie.js is a common library, I’ll forward this first to our server engineer and see what he says. I’ll post an update when I hear back from him.