dnsServer•webwordpresserrorerrorerror403securityfirewallsettingsserver_configuration•labelCommon•warningModerate

The site is blocked by a firewall (mod_security)

ModSecurity is a web‑application firewall that runs at the server level. It inspects each request and compares it against a rule set. When a rule flags a request as malicious, ModSecurity returns a 403 or 406 response and displays the “The site is blocked by a firewall (mod_security)” notice. WordPress actions such as form submissions, AJAX calls, or media uploads often contain patterns that resemble attacks, so an over‑aggressive rule set generates false positives.

The block occurs before WordPress code executes. The server stops the request, logs the event, and shows the error to the user. Because the firewall operates outside of WordPress, the platform itself cannot resolve the issue without server‑level changes.

Symptoms

[dashicons-warning]

Blocked message on screen

You see “The site is blocked by a firewall (mod_security)” on front‑end or admin.

[dashicons-dismiss]

HTTP 403 or 406 error

The browser returns a 403 Forbidden or 406 Not Acceptable response.

[dashicons-admin-tools]

Failed actions

Publishing, saving settings, uploading media, or submitting forms stops.

Common Causes

Over‑aggressive rule set

Default OWASP CRS flags legitimate WordPress requests as attacks.

False‑positive patterns

Strings like , SELECT *, or ../ trigger rule matches.

Large POST bodies

Media uploads or REST API JSON exceed request size limits.

Need this fixed right now?

Don't waste your day debugging. Our experts can Fix your issues in under 2 hours.*

Success Rate

100% Guaranteed

Starting from

$35 /hour

99+

Trusted by Business Owners

“I spent 3 days trying to fix the Elementor loading loop. These guys fixed it in 20 minutes. Lifesavers!”

— Sarah J., Web Designer

Related Issues

Contact Form 7: REST API request failed: 503 Service Unavailable

A 503 Service Unavailable response stops Contact Form 7 from sending data...

apiREST APIerror503descriptioncontact-form-7

Contact Form 7: REST API request failed: 429 Too Many Requests

The form tries to send data through the WordPress REST API. The...

apiREST APIerrorerrorsecurityfirewalldescriptioncontact-form-7settingsserver_configuration

Contact Form 7: REST API request failed: 401 Unauthorized

The form tries to send data via the WordPress REST API. The...

apiREST APIadmin_panel_settingspermissionsdescriptioncontact-form-7lock401

Contact Form 7: File upload error: temporary directory missing

The error appears when Contact Form 7 cannot locate a writable temporary...

codePHPcloud_offupload erroradmin_panel_settingspermissionsdescriptiontemporary filedescriptioncontact-form-7

Contact Form 7: Mail (2) sending failed: PHP mail() function disabled

Contact Form 7 reports a failure for Mail (2) when the PHP...

codePHPerrorerrordescriptioncontact-form-7mailMailsettingsserver_configuration

Contact Form 7: Mail (2) sending failed: SSL certificate verification failed

Contact Form 7 reports a failure when trying to send the secondary...

errorerrorlocksslcodecURLdescriptioncontact-form-7