WordPress Empty spam button redirects to homepage

By Aaron on March 23, 2016
Hopefully this helps someone as it was driving me insane for the last few weeks.  Every time I clicked the Empty Spam button via WordPress comments it would just redirect me to my website root.  Server Error logs, wp_debug produced nothing - no errors or issues of any kind. The WP Super cache emptying Cache […]

Hopefully this helps someone as it was driving me insane for the last few weeks.  Every time I clicked the Empty Spam button via WordPress comments it would just redirect me to my website root.  Server Error logs, wp_debug produced nothing - no errors or issues of any kind. The WP Super cache emptying Cache shortcut would also produce the same result.

Damn you Empty Spam button!

After comparing My WHM powered server with another one the difference appeared to be with Mod_security and the ruleset used.  The Hit List log didn't tell me a great deal and deciphering a potential problematic ruleset started becoming tedious - lets just get rid of it.

  • The Server exhibiting this behavior had the Cpanel default OWASP ModSecurity Core Rule Set enabled in Modsecurity.
  • The Server without this issue had the more extensive Comodo ModSecurity Ruleset applied.

After disabling OWASP and replacing it with Comodo the problem magically went away.  You can find the details how to add this ruleset right here which should take the best part of 10 seconds: Comodo ModSecurity Ruleset WHM/CPANEL.

Article written by Aaron