This entry was posted on Saturday, July 14th, 2007 at 3:58 am and is filed under Developer Guide. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Hi All,
Recently, we are keep getting support tickets for relating Wordpress 2.2 (upgrade or fresh) installation about:

While loading WP Dashboard, there are kind of security alert or permission or index-extra.php or javascripts loading error and so on..

or

Method Not Implemented
POST to /wp-admin/index-extra.php not supported.

Yes, this is Wordpress latest version 2.2 script against to Apache mod_security module. We have summarized up a few work around for resolving this issue. Refer the following solutions to regard your server platform use.

Simple way
- the simplest way is
- use WP2.1 version from WP released archive

Mod_security version < 1.9
- create .htaccess file under /wp-admin/
- paste the following code

SecFilterInheritance Off

- if you do so and facing “500 Internal Server Error”, your mod_security is probably version 2.*, delete above .htaccess entry out and please follow the below.

Mod_security version > 2.*
- if your mod_security version is latest
- it has to enable in apache.conf or httpd.conf virtual container

    SecRuleInheritance Off
    ….

Note that, in mod_security 2 and up versions, there is no more SecFilterInheritance directive, instead SecRuleInheritance. But SecRuleInheritance directive have to enable in phase1 level apache.conf or httpd.conf. SecRuleInheritance directive scope do not allow in .htaccess level. Therefore, please submit support ticket for changing this setting, tag with “WP2.2 mod_security setting”. If not, please use one-step-down version of WP, 2.1.

Related Links:
- Mod_security document
- WP Forum Topic#119455
- WP Forum Topic#117993
- WP Forum Topic#117944