Discount Sale
  • Days
  • Hrs
  • Mins
  • Secs
30% Off

Use coupon code 'JDS30' Limited Offer!!

Star
WebToffee Logo
WebToffee Logo
  • Home
  • Plugins
  • Shopify apps
  • Bundles
  • Resources
    • Blog

      Explore expert guides, how-tos & insights to grow your eCommerce business.

    • Info Library

      Explore short reads on WordPress, eCommerce & privacy topics.

    • Infographics

      Easy-to-share visuals that explain eCommerce and privacy concepts.

    • Customer Stories

      Read inspiring stories of our customers and their successful business.

    • Customer Testimonials

      See what customers say about using WebToffee tools and plugins.

  • Help
    • Documentation

      Get started with step-by-step guides for our WordPress & Shopify solutions.

    • Frequently Asked Questions

      Find quick answers to commonly asked questions about our solutions.

    • Support

      Reach out for plugin setup, technical issues, licenses, or billing help.

    • Free Plugin Documentation

      Setup guides for all our free WordPress plugins to help you get started.

Login
cart 0

How to Fix the mod_security Error

Last updated on December 10, 2024

Mod_security is a server-side error. Error Message: “Not acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.”

Looking for ways to fix the Mod_Security Error? Here are a few quick fixes you can do to fix it.

What is mod_security?

ModSecurity is an open-source web application firewall (WAF) supported by web servers like Apache, Nginx, and IIS. WAFs ensure the security of web-based software programs by detecting and preventing attacks before they reach them.

Mod_security comes with a Core Rule Set (CRS) with different rules for protecting your website from attacks, such as cross-website scripting, bad user agents, SQL injection, Trojans, session hijacking, etc. 

Why does the mod_security error happen?

Following is a screenshot of the mod_security error on a website.

mode_security generated error
The mod_security error

Image credit: Infoinspired.com

The error simply states that you do not have permission to access the server or that your hosting company is blocking certain requests to its servers. 

Why does it happen?

As a security practice, every page request from your website is checked against various rules to filter out malicious requests. Sometimes, due to poor website coding, mod_security may incorrectly determine that a certain request is malicious and disable its access while it is legitimate. 

This is when you get the error.

Now, let us see how you can fix the error for your website. 

How to fix the mod_security error?

You can choose one of the three ways to get the error fixed. 

1. Contact your Host

As you have already learned, it is a server-side error and the easier and safer fix for the error would be contacting your hosting provider. You can contact their support team and explain your issue. They will most likely solve the issue by disabling certain security rule(s) or by whitelisting the requested page. 

2. Disable mod_security by using the .htaccess file

This method is not highly recommended as it will turn off the whole mod_security Apache module for your site, which might not be good for your site’s security.

To disable the mod_security error by using the .htaccess file do the following.

  1. Back up your .htaccess file in the ‘wp-admin’ directory.
  2. Create a ‘.htaccess’ file with the following content (by using any text editor).
  3. Upload it to the ‘wp-admin’ directory.

later upload the .htaccedss file to your server. 

  <IfModule mod_security.c> 
  SecFilterEngine Off 
  SecFilterScanPOST Off 
  </IfModule>

If the solution above doesn’t work, try the one below.

  1. Backup your .htaccess file if you have one in the public_html directory
  2. Open the .htaccess file with any text editor
  3. Update the file with the below content
  4. Upload it to the ‘public_html’ directory
   <IfModule mod_rewrite.c> 
   RewriteEngine On RewriteBase / 
   RewriteCond %{REQUEST_FILENAME} !-f 
   RewriteCond %{REQUEST_FILENAME} !-d 
   RewriteRule . /index.php [L] 
   </IfModule>

3. Disable mod_security for specific URLs

With this method, you can disable mod_security only on specific URLs rather than your entire site, which is a better option in terms of security. You can specify which URLs to match via the regex in the <If> statement below. 

<IfModule mod_security.c> 
<If "%{REQUEST_URI} =~ m#/admin/#"> 
SecFilterEngine Off SecFilterScanPOST Off 
</If> 
</IfModule>

Final Note

Although disabling mod_security is a solution to fix the error, it is best to consult your host and ask their opinion before you go with the fix. 

📚

Discover More:

  • Getting Client ID and Secret
  • Collect API Username, Password, and Signature

Avatar

Written by

Haritha

Associate Product Manager @ WebToffee

Comments (8)

  1. Hildegarde

    August 13, 2024

    Usually I do not learn post on blogs, however I wish to say that this write-up very
    pressured me to try and do so! Your writing style has been amazed me.
    Thank you, very great article.

    Reply
  2. Franieboy

    December 26, 2023

    I have eror one 1 of my page Eror 403 what do you think the solution to fix this eror.

    Reply
    • Arjun

      January 3, 2024

      Hi Franieboy,

      Thank you for reaching out to us. After reviewing the situation, it appears that the Error 403 may not be directly related to the plugin you are using. Instead, it is possible that the issue lies with the PayPal integration itself. We recommended you to reach out to the PayPal support for further assistance.

      Reply
  3. marks

    August 23, 2022

    I’m using CyberPanel OLS, how can this rule work with OpenLiteSpeed?

    Reply
    • Mark

      August 26, 2022

      Hi Marks,

      We are sorry that we are a little out of depth on your query. Kindly try contacting your hosting support. They will surely be able to provide better insight in the matter.

      Reply
  4. Mary Teyssier

    September 9, 2021

    Cannot log into my Lake Ashton Living account. Keep getting error comment.

    Reply
    • Mark

      September 13, 2021

      Hi Mary,

      If you are having an issue with the account in webtoffee.com, please submit a ticket here.

      Reply
  5. Fredy Andino

    July 20, 2021

    Excelente explicación. Saludos

    Reply

Got any query? Please leave a comment or reach out to our support

Cancel reply

Your email address will not be published. Required fields are marked *

Product icon

PayPal Express Checkout Payment Gateway for WooCommerce

Get free plugin

On this page

  • What is mod_security?
  • Why does the mod_security error happen?
  • How to fix the mod_security error?
  • 1. Contact your Host
  • 2. Disable mod_security by using the .htaccess file
  • 3. Disable mod_security for specific URLs
  • Final Note

Get started with your WebToffee plugin!

Your plugin will be downloaded in a few seconds...

All you need to do is add the plugin to your WordPress website.

To install and activate the plugin, view our installation guide.

download now
Webtoffee
Facebook
Twitter
Youtube
Linkedin
WordPress

We develop awesome WordPress and WooCommerce plugins and Shopify apps to help build successful online businesses.

© 2025 WebToffee. All rights reserved.

Our plugins

  • GDPR Cookie Consent
  • PDF Invoices & Packings Slips
  • Product Import Export Plugin
  • User & Customer Import Export
  • Import Export Suite
  • Sequential Order Numbers
  • Smart Coupons for WooCommerce
  • URL Coupons for WooCommerce
  • PayPal Express Checkout
  • Stripe Payment Gateway
  • Subscriptions for Woocommerce
  • WooCommerce Product Feed & Sync Manager
  • PrintNode for PDF Invoices
  • Order, coupon, subscriptions for WooCommerce
View more +

Get Started

  • Plugins
  • Testimonials
  • Customer Stories
  • Affiliates
  • We're hiring

Help & Support

  • Installation Guides
  • Documentation
  • Documentation (Basic)
  • Info Library
  • Infographics
  • FAQ
  • Support

Company

  • About Us
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Refund Policy
  • Support Policy

© 2025 WebToffee. All rights reserved.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Cookie settingsReject allAccept all
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of the basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website, to store user preferences and provide you with content and advertisements that are relevant. Such cookies will be stored on your browser but only upon procuring consent.

You will also have the option to opt-out of these cookies should you want to. But opting out of some of these cookies may have an effect on your browsing experience as per the descriptions elucidated against the respective categories below.

Necessary
Always Enabled
The cookies defined under this category are absolutely essential for the website to function. Hence they are loaded by default irrespective if user consent.
CookieDescription
__cfruidCloudflare sets this cookie to identify trusted web traffic.
__stripe_midStripe sets this cookie cookie to process payments.
__stripe_sidStripe sets this cookie cookie to process payments.
cookielawinfo-checkbox-advertisementSet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analyticsSet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-necessarySet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-preferencesThis cookie is set by the GDPR Cookie Consent plugin to check if the user has given consent to use cookies under the "Preferences" category.
CookieLawInfoConsentRecords the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSIDThis cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user sessions on the website. The cookie is a session cookie and is deleted when all the browser windows are closed.
viewed_cookie_policyThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not a user has consented to the use of cookies. It does not store any personal data.
Analytics
Analytics cookies help us understand how our visitors interact with the website. It helps us understand the number of visitors, where the visitors are coming from, and the pages they navigate. The cookies collect this data and are reported anonymously.
CookieDescription
_gaThis cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.
_ga_BQH8MSKD4MThis cookie is installed by Google Analytics.
_gat_gtagIdentification code of website for tracking visits.
_gidThis cookie is installed by Google Analytics. The cookie is used to store information on how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_hjAbsoluteSessionInProgressHotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeenHotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjidHotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSampleHotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSampleThis cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate heatmaps, funnels, recordings, etc.
_hjIncludedInSessionSampleHotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjSessionUser_1376571No description
_hjTLDTestTo determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CONSENTYouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
has_recent_activityThis cookie is used to signal to the code repository website if the user has browsed other website resources during the current session.
tk_aiGathers information for our own first-party analytics tool about how our services are used. A collection of internal metrics for user activity and is used to improve user experience.
tk_lrThis cookie is set by the JetPack plugin on sites using WooCommerce. This is a referral cookie used for analyzing referrer behavior for Jetpack.
tk_orThis cookie is set by the JetPack plugin on sites using WooCommerce. This is a referral cookie used for analyzing referrer behavior for Jetpack.
tk_qsGathers information for our own first-party analytics tool about how our services are used. A collection of internal metrics for user activity and is used to improve user experience.
tk_r3dThe cookie is installed by JetPack. Used for the internal metrics for user activities to improve user experience.
Advertisement
Advertisement cookies help us provide our visitors with relevant ads and marketing campaigns.
CookieDescription
_fbpThis cookie is set by Facebook to deliver advertisements when they are on Facebook or on a digital platform powered by Facebook advertising after visiting this website.
frThe cookie is set by Facebook to show relevant advertisements to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook Pixel or Facebook social plugin.
VISITOR_INFO1_LIVEA cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSCYSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devicesYouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-idYouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
Preferences
Preference cookies are used to store user preferences to provide them with content that is customized accordingly. This includes the language of the website or the location of the visitor.
CookieDescription
_gh_sessThis cookie is used to preserve users' states across page requests.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
CookieDurationDescription
_hjSession_137657130 minutesNo description
_octo1 yearNo description available.
_zendesk_authenticatedpastNo description
_zendesk_sessionsessionNo description available.
_zendesk_shared_sessionsessionNo description available.
edd_wp_session12 hoursNo description available.
logged_in1 yearNo description available.
m2 yearsNo description available.