Recently, while writing a blog post I found that I am not able to update/publish any post on my WordPress website dashboard rather it redirects me to the website front page when I click the “Update” button. Now, I was unsure what’s creating this trouble and how to fix this 302 redirect when updating posts in WordPress.
To check what could be the issue, I tried the followings :
- I deactivated all the plugins
- Even changed the theme to the default Twenty Sixteen
Still, the issue was there. After debugging a little more I found the cause of this. It was the strict Mode_Security which was causing the trouble. Now the question is: “What is Mod_Security?”
ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.
Basically, this is an Apache module that is installed on most servers by default to help protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule sets. This sometimes blocks the POST requests being generated after a post is updated or published because of the complex HTML content having all the tags, embed code, shortcodes etc. which get caught by the ModSecurity’s rule set.
To fix this issue simply disable the module on your server. This can be achieved through the
Modsec Manager plugin for cPanel if you are on a shared server. Read the following to know how to disable manually on VPS and Dedicated servers. http://www.inmotionhosting.com/support/website/modsecurity/what-is-modsecurity-and-why-is-it-important
I am sure there are a ton of other reasons for a 302 redirect issue but in my case, this was Mod_Security causing the problem and after disabling the module I am able to update and publish the posts. 🙂