If you ever experienced this problem that your WordPress site redirects you to
https://yoursite.com/wp-admin/post.php it may be caused by false settings in your
mod_security the module on your server.
After several tests, we came to the conclusion that in most cases the line
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
causes this problem but also any other
<meta> tag. This tag is required for HTML emails so removing this tag may fix the problem but causes your email to render wrong in certain email clients.
Fixing this issue
There are several ways you can fix this. You should get in touch with your host if you are not familiar with server settings. Refer them to this page if needed.
Disable the module
Add the following rules to your .htaccess file in the root of your WordPress site:
<IfModule mod_security.c> SecFilterEngine Off SecFilterPost Off </IfModule> <IfModule mod_env.c> SetEnv MODSEC_ENABLE Off PassEnv MODSEC_ENABLE </IfModule>
If this doesn’t work try
<IfModule mod_sec2.c> SecFilterEngine Off SecFilterPost Off </IfModule>
Bypass mod_security Rules
If you are using “mod_security 2” you may no longer overwrite rules in
.htaccess so you have to bypass them via the config file.
Find the ‘
/usr/local/apache/conf/modsec2/exclude.conf and add the following lines to the very beginning of the file.
<locationmatch "/wp-admin/post.php"> SecRuleRemoveById 300013 SecRuleRemoveById 300015 SecRuleRemoveById 300016 SecRuleRemoveById 300017 </locationmatch>
WordPress uses /wp-admin/post.php to save and update campaigns and with this rule, the module will bypass rules 300013, 300015, 300016, and 300017.
Don’t forget to restart the Apache server after the changes so they take effect.