Make WordPress Core

Opened 9 years ago

Last modified 2 years ago

#10551 closed defect (bug)

wp_die() triggers block when using ModSecurity core rule set — at Initial Version

Reported by: cstrosser Owned by: ryan
Milestone: 4.1 Priority: low
Severity: normal Version: 2.7
Component: Security Keywords: westi-likes has-patch needs-docs
Focuses: Cc:


wp_die() causes ModSecurity (using Core Rules), a commonly used Apache plugin, to throw a 406 error, blocking the message from displaying.

This seems to be triggered by the fact that a 500 error is thrown. I went and changed the default status code to 401 (Unauthorized) and it worked like a charm. I just wonder if there is a better fix for this issue... or simply a better status code to use.

Perhaps making a group of functions to make the error codes more focused.


wp_die_auth( ('You do not have sufficient permissions to access this page.') );


  • Exits WordPress with Unauthorized status code. *
  • @see wp_die() */

function wp_die_auth($message, $title = ) {

wp_die( $message, $title, 401 );


Change History (0)

Note: See TracTickets for help on using tickets.