WordPress Empty spam button redirects to homepage


Hopefully this helps someone as it was driving me insane for the last few weeks.  Every time I clicked the Empty Spam button via WordPress comments it would just redirect me to my website root.  Server Error logs, wp_debug produced nothing – no errors or issues of any kind. The WP Super cache emptying Cache shortcut would also produce the same result.

delete spam

Damn you Empty Spam button!

After comparing My WHM powered server with another one the difference appeared to be with Mod_security and the ruleset used.  The Hit List log didn’t tell me a great deal and deciphering a potential problematic ruleset started becoming tedious – lets just get rid of it.

  • The Server exhibiting this behavior had the Cpanel default OWASP ModSecurity Core Rule Set enabled in Modsecurity.
  • The Server without this issue had the more extensive Comodo ModSecurity Ruleset applied.

After disabling OWASP and replacing it with Comodo the problem magically went away.  You can find the details how to add this ruleset right here which should take the best part of 10 seconds: Comodo ModSecurity Ruleset WHM/CPANEL.

  1. Reply
    Stephane August 30, 2017 at 10:09 pm

    Thank you, it’s working!

    Do you know if Comodo provides as much security as OWASP?

    • Reply
      Aaron October 23, 2017 at 11:55 am

      The Comodo ruleset improves upon the default version of OWASP and appears to have better community support behind it. Most of the false positives like this have been fixed unlike OWASAP.

    Leave a reply

    Webmix Australia