I am receiving a "406 Not Acceptable" error message Print

  • 3

To try and reduce automated attacks against Wordpress sites that we host, we have implemented specific mod_security rules that detect and block potential detected attacks. If these mod_security rules are triggered, your requests to access the Wordpress login page will be blocked with a "406: Not Acceptable" error message. This block is temporary and will expire within a couple of hours. Please note that we are unable to remove these temporary blocks and you will have to wait for them to automatically expire.

What could be considered an attack?
  1. Logging in and out of Wordpress multiple times in relatively short succession.
  2. Multiple authentication failures when attempting to login to Wordpress.
  3. Logging in (and possibly out) of multiple different Wordpress websites in relatively short succession.
  4. Repeatedly accessing the Wordpress login page on any site(s) in relatively short succession.
It's important to note that these rules are server wide and not site specific, thus if you have multiple sites hosted with us on the same server these rules will apply to all sites at the same time. Once the rule has been triggered, you (anyone at your IP address) will be denied access to any Wordpress login page on that particular server and will see a "406: Not Acceptable" error message. This block is specific to you and does not mean that your website is being blocked to everyone else.

False Positives
As with any mod_security rules, they are not 100% guaranteed to catch all attacks and may sometimes detect normal activity and traffic as an attack incorrectly. If you are affected by this error and cannot access your website(s), and would like us to disable this protection to prevent further errors from occuring we can certainly do this. Please get in touch via support ticket to request this if required. Please be advised that disabling these rules will remove any protection against brute force attacks that may be made against your Wordpress installation(s). We strongly recommend that you also install a plugin that may reduce or block invalid login attempts to your site to compensate for the removal of these mod_security rules.

Was this answer helpful?

« Back