Hello,
Thank you for contacting the support and sorry for any inconvenience that might have been caused due to that.
Assuming you are using the latest version of all the plugins and the themes (please update if not yet), it would seem like a conflict with one of the plugins or the theme you are using.
To determine that, please follow this troubleshooting guide:
https://rankmath.com/kb/check-plugin-conflicts/
Here is a video you can follow as well: https://www.youtube.com/watch?v=FcIWRhcUP2c
Only the site admin would know and your users won’t be affected by this troubleshooting.
If the issue persists, please edit the first post on this ticket and include your WordPress & FTP logins in the designated Sensitive Data section.
Please do take a complete backup of your website before sharing the information with us.
It is completely secure and only our support staff has access to that section. If you want, you can use the below plugin to generate a temporary login URL to your website and share that with us instead:
https://wordpress.org/plugins/temporary-login-without-password/
You can use the above plugin in conjunction with the WP Security Audit Log to monitor what changes our staff might make on your website (if any):
https://wordpress.org/plugins/wp-security-audit-log/
Please do take a complete backup of your website before sharing the information with us.
We really look forward to helping you.
Talk to my hosting company and show them this problem
This is the hosting company’s response
(Reviewing the error log of the domain it seems that process is being detected as possibly malicious and being interrupted by the extra security of the domain. This is an example of the entries in the error log
[Mon Jul 19 15:40:37.787231 2021] [:error] [pid 28841:tid 3965420807936] [client 154.177.91.88:11304] [client 154.177.91.88] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file “/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf”] [line “150”] [id “949110”] [msg “Inbound Anomaly Score Exceeded (Total Score: 10)”] [severity “CRITICAL”] [ver “OWASP_CRS/3.3.0”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-generic”] [hostname “www.matbakhonline.com”] [uri “/wp-admin/admin-post.php”] [unique_id “YPX-ZdfdxPH0az15VfbEUgAAAE8”], referer: https://www.matbakhonline.com/wp-admin/admin.php?page=rank-math-options-general
As ModSecurity looks for patterns it can affect legitimate processes, that behavior would have to be addressed with the developer and how the tool is designed. What we can do from our side is to disable ModSecurity for the domain so the processes are no longer blocked, should I provide additional information on that change?(
Hello,
Please ask your web host to disable ModSecurity.
Disabling ModSecurity should fix the issue.
If the issue persists, check if the theme or any other plugin is conflicting with Rank Math using the Health Check troubleshooting plugin.
https://rankmath.com/kb/check-plugin-conflicts/
I hope this helps. Looking forward to helping you.
There is a workaround other than disabling ModSecurity.
Hello,
As also mentioned by your hosting provider, ModSecurity can also block legitimate processes.
By seeing the error logs, it seems like ModSecurity is indeed causing the issue here.
Please temporarily disable it and if the issue gets fixed, then, unfortunately, disabling ModSecurity would be the best option here.
Please let us know how that goes.
Thank you.
Yes, when ModSecurity is disabled, the problem is solved.
Your hosting provider advises not to disable ModSecurity because it is very important for security.
so, what is the solution?
Hello,
Unfortunately, since ModSecurity handles the blocking, there’s not much we can do. You may need to ask your hosting provider if there is a way to whitelist Rank Math in order to resolve the issue without disabling ModSecurity.
Hope that helps and please do not hesitate to let us know if you need our assistance with anything else.
Hello,
Since we did not hear back from you for 15 days, we are assuming that you found the solution. We are closing this support ticket.
If you still need assistance or any other help, please feel free to open a new support ticket, and we will be more than happy to assist.
Thank you.
