Immediately after I upgraded (using Fantastico) from WordPress 2.1.x to 2.2.1 I noticed the Dashboard in the admin was giving me problems. I was getting 404 pages displaying in the middle of the page (even though the source code was fine and there actually aren’t any iframes there). I’ll get to the solution in a minute (so read on) but first I want to tell my story (just because I can).
Initially I thought this was because there had been a problem writing some of the files so I downloaded a clean copy of wordpress and uploaded the files manually over FTP. This didn’t help. Having eliminated browser problems by testing in IE as well as FireFox, I noticed that the page seemed to be loading fine and these 404s were appearing after the page loaded. Guessing Javascript I disabled this feature and tried again. It worked!
It was about this time that I stumbled across some information in the WordPress support forums pointing to a AJAX issue. It seems to be something to do with displaying the dynamic information like notices from WordPress (and incoming links?) and, more specifically, with the Content-type HTTP header being returned having a newly-added character encoding field.
Anyway, for the important bit, here’s the fix:
- FTP to your wp-admin directory
- If there is a .htaccess file there, append the following lines. If there is no .htaccess file, create a file called .htaccess and put these lines in it.
<IfModule mod_security.c>
SecFilterInheritance Off
</IfModule> - Save the file in your wp-admin directory and the rule you’ve just added will be applied to all files in that directory (and thus in your admin interface). Done!
Why does the fix have anything to do with Apache’s security? As it turns out the errors were actually 403 (forbidden) errors caused by a badly-configured mod-security module.  mod_security didn’t like WordPress sending character encoding in the Content-type header. Unfortunately I didn’t have custom 403 pages set up, so I only got the 404s telling me that the 403 page the server was looking for couldn’t be found! That’ll teach me to be half-assed with my error pages (maybe).
Thanks! I was struggling with that.