I am getting a 403 or 406 error when trying to login or upgrade my script. [WordPress, Joomla, Drupal, SMF, IPB, vBulletin, etc...]

Why am I getting a 403 0r 406 when trying to login or update?

As of early April 2015 we enabled a set of ModSecurity rules on all Shared, Reseller, and Premium servers to protect our clients from malicious bots and hackers.

Over the years the number of malicious attacks we see hit our customers on our network has grown exponentially and the fact of the matter is that not everybody keeps all of their software up-to-date.  Beyond that even some scripts that are fully up to date have vulnerabilities found by malicious individuals which are then used before a patch can even be made.

ModSecurity does help protect from all of that as well as much more.  One side-effect of ModSecurity is that generally updating a script isn't going to be doable without first disabling ModSecurity.

Why do I need to disable ModSecurity to perform updates?

ModSecurity does have an extensive set of rules that watch for what is called SQL Injection.  This is where a remote attacker tries to use a vulnerability in your software to get a copy of your database or worse.  The update process for most scripts does include SQL and, as a result, tends to look like an attack to ModSecurity.

Disabling ModSecurity for the update is as simple as placing the following text in a file called ".htaccess" within the root folder of the script.  The file is hidden as its name begins with a period but it is visible by default via FTP and optionally in the cPanel file manager when you check the 'Show Hidden Files' box.

To disable ModSecurity via ".htaccess" File:

<IfModule mod_security.c>
  SecFilterEngine Off
  SecFilterScanPOST Off

What should I do when I am done updating?

We do strongly suggest that after you complete the updates you either remove these lines or comment them out by pre-pending a "#" to each line so you can uncomment it for future use.

  • 50 Users Found This Useful
Was this answer helpful?

Related Articles

How do I access my cPanel?

Accessing your cPanel directly You can get to your control panel by appending "/cpanel" on to...

What is the difference between public_html and www?

As far as you and your visitors will see there is no difference between the public_html and the...

How hard is it to upgrade my plan and is there a fee?

Upgrading your plan is as easy as contacting support and requesting the upgrade.  We will...

Setting PHP Environment Variables

To set custom PHP Environment Variables such as register_globals, display_errors,...

MySQL Stored Procedures

All MDDHosting clients can use MySQL stored procedures and routines on their web hosting...