What is a 406 Not Acceptable Error? Print

A 406 Not Acceptable error produced by your website is a result of our Web Application Firewall (WAF) called ModSecurity essentially saying:

"Your request was blocked by our security system"

In simple terms:

You tried to access a webpage, submit a form or update a page or post in WordPress when ModSecurity's security rules detected something that looked suspicious (even if it was harmless). Instead of letting the request through, ModSecurity blocked it and returned a 406 error. This is ModSecurity's way of saying "I don't accept this type of request because it might be dangerous"

Common triggers:

• Certain words in contact forms that look like hacking attempts
• File uploads with suspicious names
• URLs with characters that resemble malicious code
• Form submissions that match attack patterns

The 406 error is ModSecurity being cautious - it is better to block a legitimate request than to let a potential attack through. When this happens, the security rules usually need to be adjusted to allow your specific legitimate activity.

---

 

We understand that ModSecurity may occasionally block legitimate WordPress requests, and we apologize for any inconvenience this causes.

 

However, we maintain ModSecurity as a critical security layer because it provides essential protection against:

 

• SQL injection attacks
• Cross-site scripting (XSS) attempts
• Malicious file uploads
• Brute force attacks
• Various other web application vulnerabilities

WordPress sites are frequent targets for automated attacks, and ModSecurity acts as a line of defence, blocking thousands of malicious requests daily that could otherwise compromise your website, data, or our hosting infrastructure.

 

Rather than disabling this protection entirely, we prefer to work with you to fine-tune the rules when false positives occur. This approach maintains robust security while minimizing disruption to legitimate functionality.

 

If you are experiencing 406 Not Acceptable errors on your site, please open a support ticket! Be sure to include the domain where you are experiencing the issue so we can investigate.