Problems with Wordpress widgets and plugins


Jude L
 Share

Recommended Posts

I just noticed that I can't configure any of my widgets. I checked the wordpress forums, and they think it might be that my host has mod_security enabled or some such. Considering how many of us use wordpress, would that even be possible that HH limits our use of wordpress like this? Has anyone else had this problem or knows how I can fix it? It isn't my browser, since I have another blog on a different host, and the widgets work perfectly fine. This is a bit of an inconvenience, so I hope HH isn't to blame. I just convinced my husband to move his blog over, and this would greatly diminish his use of his site.

Please advise. Thanks!

Link to comment
Share on other sites

We do have mod_security enabled on all of our servers. You can disable it for your account however by following these instructions on our KB: https://support.hawk...&kbarticleid=96

Edit: Also, questions like this are generally best answered via support ticket at https://support.hawkhost.com -- while we'll always reply here, we'll reply to a ticket a whole lot faster :)

Link to comment
Share on other sites

so is mod_security the reason wordpress doesn't function properly?

And if everyone uses tickets instead of the forum, you'll be asked the same question over and over again. i did a search and not one other person has posted about this here. Obviously an issue if altering our .htaccess file is necessary.

Does that fix have to be in the root .htaccess file or the one in my blog directory? How important is it, that you have it on all your servers? Will my site be vulnerable to attack with it off?

Doesn't anyone else see this as a problem?

Link to comment
Share on other sites

so is mod_security the reason wordpress doesn't function properly?

It could be mod_sec triggering rules to stop your software from doing something, but without knowing your domain name with steps to replicate the issue it is impossible to say for sure. If you could please submit a ticket for this so we can let you know for sure (if you haven't already).

And if everyone uses tickets instead of the forum, you'll be asked the same question over and over again. i did a search and not one other person has posted about this here. Obviously an issue if altering our .htaccess file is necessary.

You're correct in that a public forum can be a valuable resource, especially when it's a relatively obscure topic like this. I was just suggesting the ticket as most users prefer a speedy / accurate response time vs waiting to keep it in a public domain. Obviously if you're not treating this as urgent we have no problem keeping an active discussion here :)

Does that fix have to be in the root .htaccess file or the one in my blog directory? How important is it, that you have it on all your servers? Will my site be vulnerable to attack with it off?

It should be in the .htaccess where your blog is. So if the blog is in your public_html directory edit it there or if it's an addon domain under public_html it'd be in whatever directory that domain is pointing to. We use mod_sec to prevent against common software exploits / attacks to protect users. If you keep your software/plugins up to date you'll reduce your risk and exposure as it mostly prevents against out of date scripts that can be exploited.

Doesn't anyone else see this as a problem?

Which part of our setup is most troubling to you, is it our implementation of mod_sec? If you have any concerns over the way we've got our environment we'd love to clear that up so just let us know. Our sysadmins are a friendly bunch who don't mind (who am I kidding, they love it) ranting about our technology.

Link to comment
Share on other sites

What I meant by it being seen as a problem is that a bunch of people use wordpress, and just about all of them use widgets. So are all of HH's customers who use Wordpress being required to disable the mod_security simply to use widgets? Would seem rather strange that only I am having this issue. :)

It's not really an urgent problem, so I don't mind keeping a public conversation going. If it's deemed necessary to determine if it is just my site, I can submit a ticket later. I guess the thing I'm mostly concerned with is the "opening my site to the danger of exploits" by disabling mod_sec OR having to manually configure every widget I add to my blog. Neither seem very good options. LOL

Link to comment
Share on other sites

  • 4 weeks later...

Wanted to update this by saying that I didn't need to disable mod_security. It was the Buddy Press plugin, which I have since removed from my blog. It was messing everything up. Just FYI for anyone doing a search on this problem. If you're using Buddy Press, you either need to make sure to have it updated to the newest version or remove it from your site, since it will interfere with regular performance of your admin area.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share