Update: It MIGHT be a 403 error related to path security with ModSecurityinstalled on the Apache server.
Snippet of error log:
[Fri Sep 25 20:22:28.132499 2020] [:error] [pid 32542] [client nn.nn.nn.nn:nnn] [client nn.nn.nn.nn] ModSecurity: Warning. Match of “pmFromFile path_excludes” against “REQUEST_FILENAME” required. [file “/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_4_custom.conf”] [line “911”] [id “77140992”] [msg “IM360 WAF: Suspicious access attempt (WP folders)!||SC:/home/xxxxxx/public_html/wp-admin/options.php||T:APACHE||REQUEST_URI:/wp-admin/options.php||PC:731||”] [severity “NOTICE”] [tag “service_i360custom”] [tag “noshow”] [hostname “xxxxxxx”] [uri “/wp-admin/options.php”] [unique_id “abcxyz123”], referer: https://xxxxxxx/wp-admin/admin.php?page=postie-settings
It triggers a 403 error – which mod_rewrite in the .htaccess picks up and tries to redirect to a WP page – which doesn’t exist, resulting in the apparent 404.
Finally tracked it down while searching for “wordpress settings post 404” results on Google and found someone else point to – and solve – the problem by getting their host to tweak their ModSecurity setup.
I commented out my .htaccess url rewrite settings for a few tests and hit upon the 403.