Wordpress 2.5.1 hates mod_security, sorta
I upgraded to Wordpress 2.5.1 a few weeks ago. Overall, it seems pretty nice.
Friday, everything was fine. Saturday, I tried to make a post, but when I clicked the “Publish” button, I got a blank webpage. Suck.
So I spent a couple hours (ugh) tracking the problem down today, and finally discovered this in the Apache error log:
[Sun May 25 14:41:59 2008] [error] [client 24.130.18.75] mod_security: Access denied with code 503. Unknown error [severity “EMERGENCY”] [hostname “spuriousinterrupt.org”] [uri “/journal/wp-admin/admin-ajax.php”]
Not a particularly useful error message. Fortunately, my web host (Dreamhost) allows me to disable mod_security on a per-domain basis, so I tried that, and voila, everything works fine. Presumably my web host upgraded mod_security, or changed its configuration, sometime between Friday and Saturday which broke things, as I didn’t change anything with Wordpress or my website.
So, if Wordpress breaks for you at some point, be sure to check your mod_security configuration, or temporarily disable it entirely to see if that’s the problem.
Hopefully Dreamhost can help me find a better solution than disabling it entirely…