Method Not Implemented GET to /wp-admin/admin.php not supported – Mod Security Problem

[julia]

Hi, I understand that I need to create an htaccess file to keep my wordpress blog secure, but when i try to use the [obsolete-removed] buttons, my browser comes up with  “Method Not Implemented GET to /wp-admin/admin.php not supported. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.” Any suggestions? I am completely new to WordPress security measures but my blog has been hacked 3 times now!

[AITpro Admin]

Looks like this has something to do with Mod Security SecRules (secRules are custom security rules that your Sever Administrator would add to the mod security configuration file) set on your Server/Host.  So in laymans terms most likely what is happening is your Server is configured to not allow or is blocking some of the BPS .htaccess code.  Or maybe your site still has malicous code somewhere on it and this is actually causing the error.

http://weblogtoolscollection.com/archives/2008/02/12/modsecurity-wordpress-admin-and-method-not-implemented/

Which web host do you have?

Try deactivate-ing Root Folder BulletProof Mode and see what happens.  If that works then check with your Host Support folks and send them the BPS root .htaccess file to have them look at it and let you know what is blocked in the file.

[AITpro Admin]

Email Question:

hi, i need help with this, please help. Best Regards, Allam

1. I cant use auto magic to create .htaccess because i receive this error
Method Not Implemented

GET to /consumers/wp-admin/admin.php not supported.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

url: [website domain name removed for privacy]/consumers/wp-admin/admin.php?page=bulletproof-security/admin/options.php

2. if i active the root protection, i lost my web page 500 error. log in cpanel say: [Sun Sep 29 23:40:50 2013] [error] [client xxx.xxx.xxx.xxx] File does not exist: /home/xxxxx/public_html/index.php
in fact my wordpress is in /public_html/consumer/index.php

the .htaccess have this /public_html/consumer/
3. I cant turn on ARQ
ARQ FailSafe Procedural Shutdown
This procedural ARQ FailSafe Shutdown happens when ARQ is turned On and you are creating Exclude Rules.
This FailSafe ensures that no files are accidentally sent to Quarantine while you are creating your Exclude Rules.
Once you have completed creating your Exclude Rules you can turn ARQ back On by selecting your Cron Check Frequency, selecting Turn On ARQ Cron and clicking the Save ARQ Cron Options button.

[AITpro Admin]

“Method Not Implemented” errors are mod_security errors.

To Troubleshoot mod_security problems add this .htaccess code to your Root .htaccess file.  BPS is compatible with mod_security in general.  mod_security is similar to .htaccess files in that you can create custom security rules and filters.  mod_security rules and filters are called SecRules and SecFilters.  mod_security is configured at the Server level, but can be turned On and Off in an .htaccess file IF the Server is allowing this.  Once you have confirmed the problem is with mod_security SecRules and/or SecFilters contact your Host and ask them to assist you to correct the mod_security SecRules and SecFilters on your Server that are causing this problem.  Or you can just keep mod_security turned off by using this code below.

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

[Author]

Posts