WordPress 2.5.1 hates mod_security, sorta

  • May 25, 2008
  • Brian Tarricone

I upgraded to Wordpress 2.5.1 a few weeks ago. Overall, it seems pretty nice.

Friday, everything was fine. Saturday, I tried to make a post, but when I clicked the "Publish" button, I got a blank webpage. Suck.

So I spent a couple hours (ugh) tracking the problem down today, and finally discovered this in the Apache error log:

[Sun May 25 14:41:59 2008] [error] [client] mod_security: Access denied with code 503. Unknown error [severity "EMERGENCY"] [hostname "spuriousinterrupt.org"] [uri "/journal/wp-admin/admin-ajax.php"]

Not a particularly useful error message. Fortunately, my web host (Dreamhost) allows me to disable mod_security on a per-domain basis, so I tried that, and voila, everything works fine. Presumably my web host upgraded mod_security, or changed its configuration, sometime between Friday and Saturday which broke things, as I didn't change anything with Wordpress or my website.

So, if Wordpress breaks for you at some point, be sure to check your mod_security configuration, or temporarily disable it entirely to see if that's the problem.

Hopefully Dreamhost can help me find a better solution than disabling it entirely...


  • May 23, 2008
  • Brian Tarricone

Yeah, Cornell CS students! I'm proud of you guys. Looks like my old Operating Systems professor (Prof. Sirer) is involved as well. Cool.