Not Acceptable error after login/register/logout

Please, check wordpress great resource at https://codex.www.ads-software.com/htaccess.

Thanks

Are you using any security plugins? If you are, you may have to disable them. If you can log into wp-admin, you could use FTP to rename the plugin in the wp-content/plugins directory.

You said you get the error
“Frequently”
which says “not all the time”. Under what circumstances does it occur more than not?

yes, i have disabled the spam plugin i was using, but the error persists.

yes the login error happens about 85% of the time a user logs in.

This error can be due to the server level mod_security. The following questions may sound out of scope a bit but bare with me.

– Has this always happens or did it just start? If so, what was changed, added, removed?
– What happens when you disable all plugins?
– What happens when you remove all the contents of the .htaccess file (please make a backup first)?
– Is your site have traffic coming from one area? Maybe a single business, building or group?
– If you do have an .htaccess file in the wp-admin directory root. (remove it completely but make a backup first). Does the issue still happen?

You may have to contact your host and see why the mod_security for apache is tripping (if indeed if is the mod_security causing the issue).

– Has this always happens or did it just start? If so, what was changed, added, removed?

Im not sure when it started, we just started testing out registration, thats when we noticed it.

– What happens when you disable all plugins?
I have shut off all plugins and its still gets the error.

– What happens when you remove all the contents of the .htaccess file (please make a backup first)?

I deleted all the code and in the file and the error still happens.

This is the code left:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# BEGIN wtwp_cache
# END wtwp_cache

# BEGIN wtwp_security
# END wtwp_security

– Is your site have traffic coming from one area? Maybe a single business, building or group?

Yes, currently we are testing a a member directory. So we are logging in from multiple test users and admins.

– If you do have an .htaccess file in the wp-admin directory root. (remove it completely but make a backup first). Does the issue still happen?

Yes, I removed it an it is still happening.

Anything the web host should do?

Thanks for your help.

You mentioned that you and your users are signing in a lot form one place/location. If this location is running a proxy or static IP the apache server may be triggering the error since it see’s a lot of requests from one IP and not as individual users.

If you contact your host and let then know the IP or IP range they should be able to whitlist the IP(s) and hopefully let the mod_security know that your IP(s) are legit users and not hack attempts using up server resources.

Yes, I have already had issues getting blocked from the website by the web host as a precaution of their brute force security preventions.

So they have whitelisted my IP, others have the same issue though on different IPs.

I would still ask them about it. If the server is blocking, it more than likely still has a log of what is going on somewhere on the server.

There could be more than just one measure in place for brute force attacks and or they may have a global setting for overall connections to the server and you seeing it random.

Do you have access to a live monitor of your site? Maybe something that you can watch to see how much resources your site is using i real time?

I will ask them if they can help anymore and if they have a way to monitor the site. They seem to not know the issue when I first asked…

I am sure they have a lot going on but without really knowing what is going on internally with the server, there is only speculation what could be wrong. Good luck