I am getting a 403 or 406 error when trying to login or upgrade my script. [WordPress, Joomla, Drupal, SMF, IPB, vBulletin, etc...]

Why am I getting a 403 0r 406 when trying to login or update?

As of early April 2015 we enabled a set of ModSecurity rules on all Shared, Reseller, and Premium servers to protect our clients from malicious bots and hackers.

Over the years the number of malicious attacks we see hit our customers on our network has grown exponentially and the fact of the matter is that not everybody keeps all of their software up-to-date.  Beyond that even some scripts that are fully up to date have vulnerabilities found by malicious individuals which are then used before a patch can even be made.

ModSecurity does help protect from all of that as well as much more.  One side-effect of ModSecurity is that generally updating a script isn't going to be doable without first disabling ModSecurity.

Why do I need to disable ModSecurity to perform updates?

ModSecurity does have an extensive set of rules that watch for what is called SQL Injection.  This is where a remote attacker tries to use a vulnerability in your software to get a copy of your database or worse.  The update process for most scripts does include SQL and, as a result, tends to look like an attack to ModSecurity.

Disabling ModSecurity for the update is as simple as placing the following text in a file called ".htaccess" within the root folder of the script.  The file is hidden as its name begins with a period but it is visible by default via FTP and optionally in the cPanel file manager when you check the 'Show Hidden Files' box.

To disable ModSecurity via ".htaccess" File:

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off

What should I do when I am done updating?

We do strongly suggest that after you complete the updates you either remove these lines or comment them out by prepending a "#" to each line so you can un-comment it for future use.
  • 48 Users Found This Useful
Was this answer helpful?

Related Articles

PHP - Cannot modify header information - headers already sent by ...

This message means that your PHP script is sending data to the web browser before the headers and...

What nameservers should I use?

All of our shared, reseller, and semi-dedicated services use the same DNS cluster and the...

Can you enable "local-infile" for MySQL please?

Unfortunately this is an option that we will not enable in any of our shared environments such as...

How do I access my cPanel?

Accessing your cPanel directly You can get to your control panel by appending "/cpanel" on to...

Ordering Hosting - Domain Registration and Transfer Options

When ordering a hosting plan you will be given 3 options:   Register a new domain. Transfer...