I keep running into a permission error whenever I try to publish or update posts in my WordPress admin area. The error message says I don’t have permission to access the post.php file in wp-admin when using POST requests.
# WordPress rewrite rules in .htaccess
RewriteEngine On
RewriteBase /my-blog-site/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /my-blog-site/index.php [L]
I already verified that mod_security is not active on my server, so adding security exceptions probably won’t help much.
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
What steps can I take to fix this permission problem? Any ideas would be helpful.
This sounds like a server authentication issue, not WordPress. I ran into something similar when my host added security layers without telling anyone. Create a simple test file in wp-admin with basic POST functionality - see if the server’s just rejecting requests outright. The post.php error makes me think the server’s treating your publish attempts like unauthorized file access instead of normal WordPress stuff. Check your server error logs for what’s actually getting blocked. If your host lets you switch between Apache and nginx, that sometimes fixes these permission conflicts.
Had the same problem last year - turned out to be file permissions, not .htaccess. Your directories need 755 and files need 644. Check if wp-admin and everything inside (especially post.php) has the right ownership settings. Also ask your host if they’re blocking POST requests to admin areas at the server level. My issue was the web server couldn’t write to the uploads folder, so WordPress threw permission errors when publishing. I’d contact hosting support to see if they’ve got mod_security or similar modules running that might block admin POST requests.
Check your wp-config.php file for weird constants causing this. DISALLOW_FILE_EDIT or similar settings can mess with admin functions. Also try deactivating all plugins temporarily - one might be interfering with the post requests. I’ve seen security plugins block their own admin area before lol