if you're using mod_security, try a variant of this ruleset: SecFilterSelective "THE_REQUEST" "wp-register.php" "id:1004,deny,log,status:412" #SecFilterRemove 1004 <- use this to remove the rule per virtual host, uncommented.