Symptoms
-
When logging in to PHP-based (WordPress, Joomla, Typo3 or any other CMS) or ASP-based application, the page refreshes without any changes.
-
"Tradeoff" or "Thorough" mode is enabled in Plesk at Tools & Settings > Web Application Firewall > Settings.
Cause
This is an issue in ModSecurity for IIS web server.
When changing the predefined set of values to "Tradeoff" or "Thorough" in ModSecurity settings (Tools & Settings > Web Application Firewall (ModSecurity)), the following warning message appears:
Selecting the "Tradeoff" or "Thorough" options may cause WordPress sites to malfunction, among other unwanted side effects, because of the following ModSecurity issue.
Resolution
-
Go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings.
-
Add the line below into the Custom directives field:
SecStreamInBodyInspection on
-
Apply the changes.