My first encounter with a WordPress 406 “Not Acceptable…” error was back when I upgraded to WordPress 2.1. It wouldn’t let me post, edit posts, access options, etc. I searched extensively online at the time, and found that the error has something to do with a host using mod_security. The general recommendation was to turn mod_security off. I see that method is still being recommended to people, and it’s a bad move for two reasons:
- Mod_security is a good thing. As the name implies, it’s a security feature, and you don’t want to be hacked because WordPress and your host are having a minor clash.
- According to the above link, it doesn’t work anyway.
The solution I found some time ago is still the best I’ve ever found. You can turn off mod_security just on certain modules:
- Create an .htaccess file in your /wp-admin folder.
- Put the following in it:
<Files options.php> SecFilterInheritance Off</Files>
<Files post.php> SecFilterInheritance Off </Files>
<Files edit.php> SecFilterInheritance Off </Files>
<Files page.php> SecFilterInheritance Off </Files>
What that code does is manually turn off the security just as needed on certain modules. The trick is to find the exact name of the page that’s returning a 406 error every time you hit “save” or “submit”, and put it where “options.php” occurs in the first example there.
Now, the bad news. If your host can’t make mod_security work around something like WordPress to start with, you’re not using the best host. It would be better to find a new host altogether – one that understands its servers and php/mysqk applications well enough to set up for both security and functionality. But while you’re searching for that better host, you can use the above code without putting your site at too much risk.